a2ac58ea6178c6bfbf2fa5e2bb49ffe7808a33d0e55ba2fa81229eb8d4ecae5c

Sharing

Copy URL

Twitter E-mail

General

Target

a2ac58ea6178c6bfbf2fa5e2bb49ffe7808a33d0e55ba2fa81229eb8d4ecae5c
Size

1010KB
MD5

0210903aeeea2a78e792874eafc4cec0
SHA1

8f3bdda70aac230e55e2a769a7fd89bb612b081a
SHA256

a2ac58ea6178c6bfbf2fa5e2bb49ffe7808a33d0e55ba2fa81229eb8d4ecae5c
SHA512

a1acca46b2a8fd7c4b04ea2af6a61ad52715478eab1ef8c007f692f1b7223a28b40fdc63a48ffa3e9ab7d4fd5141a6c0806eb3b7fc40d6ab044ce7e963eb2c95
SSDEEP

24576:EEpQQJvKPzvYZHTHy7wX7bHsMQ4/O6yMLprOInyT/Swl8Mi9:1KPzvoS7wXvYMLprznyDSga9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2ac58ea6178c6bfbf2fa5e2bb49ffe7808a33d0e55ba2fa81229eb8d4ecae5c

Files

a2ac58ea6178c6bfbf2fa5e2bb49ffe7808a33d0e55ba2fa81229eb8d4ecae5c
.exe windows:4 windows x86 arch:x86

2dfc2c74864b84f5530ab40a343c56d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

t:\setupexe\x86\ship\0\setup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

advapi32

RegQueryValueExA
RegFlushKey
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA

kernel32

lstrcmpW
GetCommandLineW
SetCurrentDirectoryW
GlobalFree
GetModuleFileNameW
TlsFree
LoadLibraryExW
TlsSetValue
TlsGetValue
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
VerifyVersionInfoW
VerSetConditionMask
RemoveDirectoryW
GetTempPathW
GetFullPathNameW
CopyFileW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
lstrlenW
GetThreadLocale
FreeLibrary
GetModuleHandleW
GetProcAddress
lstrlenA
WriteFile
CreateFileW
SetFilePointer
FindFirstFileW
FindClose
IsProcessorFeaturePresent
GlobalMemoryStatus
GetCurrentProcess
CompareStringW
CompareStringA
FormatMessageW
ExpandEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
GetVersion
CloseHandle
LocalFree
GetTimeZoneInformation
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
SetErrorMode
GetVersionExW
GetLastError
FindNextFileW
SetLastError
TlsAlloc
GetCommandLineA
GetVersionExA
GetStartupInfoA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
InterlockedIncrement
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
Sleep
HeapSize
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
OutputDebugStringA
GetSystemInfo

ole32

CoUninitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleRun
CoInitializeEx

shell32

CommandLineToArgvW
SHCreateDirectoryExW

user32

CharNextA
MessageBoxW
CharUpperA
CharUpperW
CharLowerA
CharLowerW

shlwapi

PathGetCharTypeW

wintrust

WinVerifyTrust

dbghelp

SymGetSymFromAddr64
SymInitialize
SymGetLineFromAddr64

oleaut32

GetErrorInfo
VariantChangeType
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
VariantInit
VariantClear

msi

ord8
ord159
ord160
ord110
ord117
ord91
ord67
ord172
ord180
ord95
ord31
ord65
ord71
ord141

Sections

.text
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2dfc2c74864b84f5530ab40a343c56d8

Headers

File Characteristics

PDB Paths

Imports

version

advapi32

kernel32

ole32

shell32

user32

shlwapi

wintrust

dbghelp

oleaut32

msi

Sections

.text Size: 307KB - Virtual size: 307KB

.data Size: 28KB - Virtual size: 30KB

.rsrc Size: 94KB - Virtual size: 93KB

.reloc Size: 580KB - Virtual size: 584KB

.text
Size: 307KB - Virtual size: 307KB

.data
Size: 28KB - Virtual size: 30KB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 580KB - Virtual size: 584KB