a2727a274888f2eb0c061675ca3ef363

Sharing

Copy URL Twitter E-mail

General

Target

a2727a274888f2eb0c061675ca3ef363
Size

158KB
MD5

a2727a274888f2eb0c061675ca3ef363
SHA1

9e32fe67f9d527cc5f972b34e7e3e4090f36a41b
SHA256

3da0262260928921f97eb320741c7bddae017162d46cac402fcca0f98603d2e9
SHA512

b57b3160a4d9985ac4c8bc719119c250a7623163c7b221f1d173a0a9515ab48fdab3d84992680d81c2242e1e566c55f6710df288e59a2cb331c7557082fd3b4c
SSDEEP

3072:h3jxPGORgz8idNx8H5N8NdExmcRimNR8MgSLEs+qpje7JpsSlUGCC7Lnv1:FxP9mz8wnM5N8nE1RPN7WsAFtUsN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2727a274888f2eb0c061675ca3ef363

Files

a2727a274888f2eb0c061675ca3ef363
.exe windows:1 windows x86 arch:x86

3ddfd974589f91e0b96b84606ed389ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
TerminateProcess
GetEnvironmentStringsW
Module32First
GetEnvironmentVariableA
FreeEnvironmentStringsA
GetTimeFormatA
GetStartupInfoA
ResetEvent
GetConsoleMode
HeapCreate
VerLanguageNameA
TerminateThread
CreateFileA
SetLastError
ReadProcessMemory
GetSystemDirectoryA
SetFilePointer
GetProcessHeap
GetModuleHandleA
WaitForSingleObject
GetStringTypeW
GetTickCount
lstrcmpiA

user32

DestroyWindow
DefMDIChildProcA
DrawMenuBar
DeleteMenu
DrawIconEx
IsDialogMessageA
ScreenToClient
IsDlgButtonChecked
GetWindowRect
ReleaseDC
MoveWindow
ShowWindow
SetWindowPos
SetTimer
MessageBoxA
BeginPaint
InvalidateRect
GetDlgCtrlID
GetKeyState
GetClassNameA
DefFrameProcA

gdi32

GetTextExtentPoint32A
CreateSolidBrush
SaveDC
ExtTextOutA
RectInRegion
CreatePen
LineTo
GetObjectA
SelectObject
SetTextColor
DeleteObject
EndPage
SetBkColor
RestoreDC
StartDocA
MoveToEx
GetStockObject
GetBkColor
SetTextAlign

msvcrt

putc
swprintf
_ismbcl2
_mbsrchr
_safe_fprem1
_safe_fdiv
__set_app_type
_gmtime64
__setusermatherr
_adj_fptan
__p__commode
_setjmp
_get_osfhandle
__p__fmode
_purecall
atof
_chmod
_beep
_adj_fdivr_m32i
_wrmdir
_mktime64
_exit
_adjust_fdiv
_wfopen
wcspbrk
_except_handler3
memcpy
_XcptFilter
_scwprintf
_controlfp
_getmbcp
_initterm
_pipe
_acmdln
_snwscanf
exit
__getmainargs

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ddfd974589f91e0b96b84606ed389ae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 184KB

.rsrc Size: 127KB - Virtual size: 126KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 184KB

.rsrc
Size: 127KB - Virtual size: 126KB