2c8b4f4d11e1ca28e94e642b51c9a36f0abba4269bf19891821276cc2ab501af

Sharing

Copy URL Twitter E-mail

General

Target

2c8b4f4d11e1ca28e94e642b51c9a36f0abba4269bf19891821276cc2ab501af
Size

425KB
MD5

037153996cd7868d96cd5cd123aff820
SHA1

8a32ba68468080d25f00d5df5d07479411e8e9cd
SHA256

2c8b4f4d11e1ca28e94e642b51c9a36f0abba4269bf19891821276cc2ab501af
SHA512

ef2ca07219d5f1371ed37320fb526c6222589ec47f00f22db5a2103ecb7306b576f4c0a0d7adfef95de18c67aa0f0da41883b7ecb3421fb5fcfacf6b7b26bee4
SSDEEP

6144:1Mdg7rp5p0FY9m9StuG4UPcaQegrNn6yoVu/JFxOQDSgcXiUOdZyBnzkILYmN2U3:CdM4mm9S8BULBgxVoYJFle1kIEmgJa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c8b4f4d11e1ca28e94e642b51c9a36f0abba4269bf19891821276cc2ab501af

Files

2c8b4f4d11e1ca28e94e642b51c9a36f0abba4269bf19891821276cc2ab501af
.exe windows:4 windows x86 arch:x86

5df72b470599921ccd140045541a7708

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsW
LCMapStringA
CompareStringA
DeleteCriticalSection
HeapDestroy
GetACP
HeapAlloc
LoadLibraryA
GetDateFormatA
WriteFile
EnterCriticalSection
GetPrivateProfileStringW
FreeEnvironmentStringsW
GetLocaleInfoA
InterlockedExchange
VirtualFree
GetFileType
IsBadWritePtr
IsValidCodePage
EnumSystemLocalesA
GetStringTypeW
GetStdHandle
IsValidLocale
GetStringTypeA
GetSystemInfo
MultiByteToWideChar
GetVersionExA
InitializeCriticalSection
GetProcAddress
GetCommandLineA
HeapSize
HeapFree
CompareStringW
GetStartupInfoA
FillConsoleOutputCharacterA
SetHandleCount
VirtualQuery
WideCharToMultiByte
SetLastError
GetSystemTimeAsFileTime
GetLastError
TlsAlloc
GetCurrentThread
HeapCreate
HeapReAlloc
VirtualProtect
ExitProcess
GetCPInfo
FreeEnvironmentStringsA
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
TlsSetValue
GetModuleHandleA
GetTimeZoneInformation
TlsFree
TlsGetValue
GetCurrentThreadId
RtlUnwind
LCMapStringW
GetOEMCP
GetUserDefaultLCID
GetCurrentProcessId
GetModuleFileNameA
UnhandledExceptionFilter
GetLocaleInfoW
SetEnvironmentVariableA
GetTickCount
LeaveCriticalSection
GetEnvironmentStrings
GetTimeFormatA

user32

PostThreadMessageA
EnumDisplayMonitors

comdlg32

ReplaceTextW
ReplaceTextA
ChooseFontA
GetOpenFileNameW
GetOpenFileNameA
PrintDlgA
ChooseColorW
LoadAlterBitmap
PageSetupDlgW
FindTextW
PageSetupDlgA

advapi32

DuplicateTokenEx
RegQueryMultipleValuesW
RegConnectRegistryW
LookupAccountNameA
LookupPrivilegeValueA
CryptDuplicateKey
CryptSetProviderW
CryptContextAddRef
CryptVerifySignatureW
CryptSetHashParam
CryptGetProvParam
RegReplaceKeyA
LogonUserA
LookupPrivilegeDisplayNameA
LogonUserW

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5df72b470599921ccd140045541a7708

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

Sections

.text Size: 138KB - Virtual size: 138KB

.data Size: 272KB - Virtual size: 286KB

.rsrc Size: 13KB - Virtual size: 12KB

.text
Size: 138KB - Virtual size: 138KB

.data
Size: 272KB - Virtual size: 286KB

.rsrc
Size: 13KB - Virtual size: 12KB