2e42dbe551bff292e4164e452022bbbd371c71de9fe1364157d162375c604980

Sharing

Copy URL Twitter E-mail

General

Target

2e42dbe551bff292e4164e452022bbbd371c71de9fe1364157d162375c604980
Size

228KB
MD5

401311a43c0e7660214ea9b434d00500
SHA1

eb0a87e54c447eb4eec00caaa74aad209bed4880
SHA256

2e42dbe551bff292e4164e452022bbbd371c71de9fe1364157d162375c604980
SHA512

977154886edaf0cfb5562e4ef482365f0cea3cb2674127d25ce7ca09f255bb86d2eb96392a7ac628fd7dc0fee9cda4c0e99917927842c2e9e1a9154026071ee0
SSDEEP

6144:dlyijC9SDKnBZEZZPEfQsSlNley50yknDEmgBJocoVnX+3VUbXN0qQwV:dlyivDKnDQsSlNley50yknDEmgBJofXn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e42dbe551bff292e4164e452022bbbd371c71de9fe1364157d162375c604980

Files

2e42dbe551bff292e4164e452022bbbd371c71de9fe1364157d162375c604980
.exe windows:1 windows x86 arch:x86

ddc0988066716b5b0626490552df6a85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetACP
GetCPInfo
GetCommandLineA
GetCurrentProcess
GetCurrentThreadId
GetDateFormatA
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetTickCount
GetVersion
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA

gdi32

CreatePen
CreateSolidBrush
DeleteObject
GetStockObject
LineTo
MoveToEx
SelectObject
SetBkMode
SetTextColor
TextOutA

user32

CheckMenuItem
CreateWindowExA
DefWindowProcA
DispatchMessageA
EnableMenuItem
EnumThreadWindows
ExitWindowsEx
FillRect
GetClientRect
GetDC
GetMenu
GetMessageA
InvalidateRect
KillTimer
LoadCursorA
LoadIconA
MessageBeep
MessageBoxA
RegisterClassA
ReleaseDC
SendMessageA
SetClassLongA
SetTimer
SetWindowTextA
ShowWindow
TranslateMessage
UpdateWindow

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddc0988066716b5b0626490552df6a85

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 188KB

.data Size: 24KB - Virtual size: 32KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 9KB - Virtual size: 12KB

.text
Size: 188KB - Virtual size: 188KB

.data
Size: 24KB - Virtual size: 32KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 9KB - Virtual size: 12KB