2756ddc24d2f9695563da826a7351bbf13a01febe2a03b7a00d62b9f3f5807d2

Sharing

Copy URL

Twitter E-mail

General

Target

2756ddc24d2f9695563da826a7351bbf13a01febe2a03b7a00d62b9f3f5807d2
Size

6.3MB
MD5

10a5953fc7996a0d5746ff2e57de9ad8
SHA1

cc25c01456c167f51b1c566960c4f7879b0acc63
SHA256

2756ddc24d2f9695563da826a7351bbf13a01febe2a03b7a00d62b9f3f5807d2
SHA512

a267aa7aa8b228eb848fb64308db5abfacc843fb5b9e24630201c74bbb88f5572598b98c0175cd1e2ee1baebc355211650ae4c137d584e0a260ef18a59e9d656
SSDEEP

98304:FDrQcTSgSaUm0sKn9JE/mVxfbHEXr68jVLWieiB9pIA74+:FDMcT640suE/KVbkXOKViizPpI+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2756ddc24d2f9695563da826a7351bbf13a01febe2a03b7a00d62b9f3f5807d2

Files

2756ddc24d2f9695563da826a7351bbf13a01febe2a03b7a00d62b9f3f5807d2
.exe windows:6 windows x86 arch:x86

410a0b262f1c4d9a86c700f5864e57ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

wsprintfA

gdi32

CreateCompatibleBitmap

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoInitialize

ws2_32

WSAStartup

crypt32

CryptUnprotectData

shlwapi

PathFindExtensionA

gdiplus

GdipGetImageEncoders

setupapi

SetupDiEnumDeviceInfo

ntdll

RtlUnicodeStringToAnsiString

rstrtmgr

RmStartSession

Exports

Exports

Start

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp|$PA
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp|$PA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp|$PA
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

410a0b262f1c4d9a86c700f5864e57ee

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

crypt32

shlwapi

gdiplus

setupapi

ntdll

rstrtmgr

Exports

Exports

Sections

.text Size: - Virtual size: 1.0MB

.rdata Size: - Virtual size: 142KB

.data Size: - Virtual size: 18KB

.vmp|$PA Size: - Virtual size: 3.0MB

.vmp|$PA Size: 1KB - Virtual size: 1KB

.vmp|$PA Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 34KB

.text
Size: - Virtual size: 1.0MB

.rdata
Size: - Virtual size: 142KB

.data
Size: - Virtual size: 18KB

.vmp|$PA
Size: - Virtual size: 3.0MB

.vmp|$PA
Size: 1KB - Virtual size: 1KB

.vmp|$PA
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 34KB