ba2b70181b66f289cc874ddb69cc9946

Sharing

Copy URL Twitter E-mail

General

Target

ba2b70181b66f289cc874ddb69cc9946
Size

111KB
MD5

ba2b70181b66f289cc874ddb69cc9946
SHA1

60ee1457c97022be2534acd4a0988451cefa42e5
SHA256

256cab8e3b439d5bd2cb0940f254bab25142c63ea51bf94f475b2e56644029e1
SHA512

16fcb4f6b66ee3ebddb0a5454a3056df56f39efb5baeece0f3124180023518aed903d3aba3d2438a3598f9aebb62b9d8da266beda55556f9d8bf34202c21540b
SSDEEP

3072:VwyAGaoYtoDyXYiiMRvbxWrWGzyhb3JIu9gBnELoGQ:VwPGUtoDyXBiwbxWaQoJIA8nE8GQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba2b70181b66f289cc874ddb69cc9946

Files

ba2b70181b66f289cc874ddb69cc9946
.exe windows:1 windows x86 arch:x86

a424dbf5f7e58c783405a4d1d6330cdf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
OpenProcess
Sleep
ResetWriteWatch
SetConsoleTextAttribute
DuplicateHandle
lstrcpyA
VirtualFree
BuildCommDCBA
FindClose
FindNextFileA
EnterCriticalSection
GetWindowsDirectoryA
GetModuleFileNameA
GetSystemDirectoryW
CreateFileA
GetFileAttributesA
WriteFile
GetConsoleKeyboardLayoutNameA
VirtualAlloc
LeaveCriticalSection
FindFirstFileA
DeleteFileA
SearchPathA
CloseHandle
lstrcatA
GetModuleHandleA
ReadFile
GetFirmwareEnvironmentVariableW
GlobalUnfix
SetConsoleCursor
CopyFileA
InitializeCriticalSection
GetSystemDirectoryA
SetVDMCurrentDirectories
ClearCommBreak
WritePrivateProfileSectionW
GetFileSizeEx
GetLastError
UnlockFileEx
GetCurrentProcess
lstrcpyW

advapi32

OpenProcessToken
ChangeServiceConfigA
InitiateSystemShutdownExW
RegSetValueExA
CryptDestroyHash
CloseServiceHandle
SetEntriesInAuditListA
RegCreateKeyA
LookupPrivilegeValueA
OpenSCManagerA
BuildExplicitAccessWithNameA
RegCloseKey
EnumServicesStatusA
RegOpenKeyA
RegQueryValueExA
AdjustTokenPrivileges

ntdll

NtQuerySystemInformation
ZwLoadDriver
NtQueryObject
sprintf
wcsstr
memcpy
RtlInitAnsiString
strstr
strlen
vsprintf
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString

ole32

CoCreateGuid

ws2_32

WSAStartup
socket
send
gethostbyname
htons
getservbyname
closesocket
connect
WSANSPIoctl
shutdown

psapi

EnumProcesses
GetProcessImageFileNameA

user32

ExitWindowsEx
OemToCharA
CharLowerW

Sections

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 401B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a424dbf5f7e58c783405a4d1d6330cdf

Headers

File Characteristics

Imports

kernel32

advapi32

ntdll

ole32

ws2_32

psapi

user32

Sections

.data Size: 12KB - Virtual size: 11KB

.text Size: 512B - Virtual size: 401B

.idata Size: 2KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 11KB

.text
Size: 512B - Virtual size: 401B

.idata
Size: 2KB - Virtual size: 2KB