2f0ef57079a1d6ca14b41e3d42d7d80a3411bf33465b64440e479f0936ddef93 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f0ef57079a1d6ca14b41e3d42d7d80a3411bf33465b64440e479f0936ddef93
Size

7.6MB
MD5

00bc02d87ae9bf243ba659cc52987969
SHA1

eaae5b7f164739150cf1062cab7727a2af011928
SHA256

2f0ef57079a1d6ca14b41e3d42d7d80a3411bf33465b64440e479f0936ddef93
SHA512

5ad8a91391c3dfde45fd398e32d56c86f4c6c75a562380dfa133c18bba92632d6267d7955b36d8b7220332e312de9d6a99fdac81c305605a55ab5eeee0c1c225
SSDEEP

98304:xh3ZwBWxT7txvY4yMaH8GWxfsRTXiuzoRGvlVK5EFlM7U5m+WDYVipfGjLcysWFo:X32ExvzaHLW9Y7tsRGWeTvEXDYFjfP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f0ef57079a1d6ca14b41e3d42d7d80a3411bf33465b64440e479f0936ddef93

Files

2f0ef57079a1d6ca14b41e3d42d7d80a3411bf33465b64440e479f0936ddef93
.exe windows:6 windows x86 arch:x86

9dffb995196972be44e2ef33d5deccde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

PostThreadMessageA

advapi32

RegQueryValueExA

urlmon

URLDownloadToCacheFileA

Sections

.text
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

._0T
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.b~9
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.'+|
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

-t�W�u-
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE