c2dd284ec2ebe5f2f5b7d602d442d368

Sharing

Copy URL Twitter E-mail

General

Target

c2dd284ec2ebe5f2f5b7d602d442d368
Size

597KB
MD5

c2dd284ec2ebe5f2f5b7d602d442d368
SHA1

272c8d340abbb58e5fe8ebc6c4daa6569d3f68a9
SHA256

bd6a3df8ea8f8120674053c5743ee0f775fcb16d2cf2da7c2a30600a929456fb
SHA512

9ac71e1834b4f4d2b6c094d14871e59dfc100be1cebb5ab053bc21bd06aee03dee6f0abeb7f0f5c3640fb0b3422bcc68d69d68fcf3731acf22e4e8a37f39d7a6
SSDEEP

12288:WVhwrvHotbRVhXIATQkr9DAb7pNJ2AiVCvgaRiKHCo5+f9T:WVjRApkrmb7pNP49aRPCL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2dd284ec2ebe5f2f5b7d602d442d368

Files

c2dd284ec2ebe5f2f5b7d602d442d368
.exe windows:4 windows x86 arch:x86

cf888e7eca27d2a0fcd6009718e88a6a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ExtractIconA
DoEnvironmentSubstA
SheChangeDirA
RealShellExecuteExA

comdlg32

GetFileTitleW

kernel32

SetHandleCount
GetCurrentProcess
GetProcAddress
CompareStringW
VirtualQuery
HeapCreate
IsValidLocale
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
GetModuleFileNameW
CreateThread
InterlockedDecrement
SetUnhandledExceptionFilter
GetConsoleMode
HeapSize
GetTickCount
FlushFileBuffers
SetFilePointer
lstrlenA
WriteConsoleA
TerminateThread
DebugBreak
SetLastError
UnhandledExceptionFilter
MultiByteToWideChar
LockFileEx
LeaveCriticalSection
GetModuleHandleW
EnumSystemCodePagesW
GetCommandLineA
RtlUnwind
QueryPerformanceCounter
IsDebuggerPresent
EnumSystemLocalesA
WideCharToMultiByte
GetDateFormatA
HeapAlloc
FreeLibrary
GetTimeFormatA
GetLastError
GetModuleFileNameA
OutputDebugStringW
CompareStringA
GetOEMCP
GetStringTypeA
GetStartupInfoA
LoadLibraryW
TerminateProcess
GetCurrentProcessId
HeapValidate
InitializeCriticalSectionAndSpinCount
TlsAlloc
SetEnvironmentVariableA
IsBadReadPtr
GetConsoleOutputCP
GetLocaleInfoW
InterlockedIncrement
SetStdHandle
ConnectNamedPipe
IsValidCodePage
HeapFree
GetLocaleInfoA
LoadLibraryA
RaiseException
LCMapStringA
EnterCriticalSection
WriteFile
TlsFree
HeapDestroy
GetModuleHandleA
GetFileType
GetCurrentThreadId
TlsGetValue
WriteConsoleW
VirtualAlloc
DeleteAtom
GetCurrentThread
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetCompressedFileSizeW
GetStringTypeW
GetTimeZoneInformation
HeapReAlloc
GetEnvironmentStringsW
GetCPInfo
GetPrivateProfileSectionW
TlsSetValue
InterlockedExchange
GetConsoleCP
CreateFileA
Sleep
ExitProcess
GetEnvironmentStrings
WriteConsoleOutputW
VirtualFree
OutputDebugStringA
GetUserDefaultLCID
CloseHandle
GetStdHandle
DeleteCriticalSection
GetACP
WriteConsoleOutputA
GetProcessHeap

user32

ValidateRgn
GetUpdateRgn
IntersectRect
AdjustWindowRectEx
CountClipboardFormats
SendMessageTimeoutW
CheckMenuItem
EnumWindowStationsA
DragObject
CreateWindowExW
GetClassWord
GetSystemMenu
IsWindowEnabled
SetWindowTextW
GetMessageA
GetListBoxInfo
OpenWindowStationW

wininet

InternetCloseHandle
FindNextUrlCacheEntryExW
GopherGetAttributeA

Sections

.text
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf888e7eca27d2a0fcd6009718e88a6a

Headers

File Characteristics

Imports

shell32

comdlg32

kernel32

user32

wininet

Sections

.text Size: 255KB - Virtual size: 255KB

.rdata Size: 44KB - Virtual size: 63KB

.data Size: 284KB - Virtual size: 283KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 255KB - Virtual size: 255KB

.rdata
Size: 44KB - Virtual size: 63KB

.data
Size: 284KB - Virtual size: 283KB

.rsrc
Size: 12KB - Virtual size: 12KB