2eb90390054814094907a2dfdc1f59a7b0ba72216241f124a2ce98cd0998e5c0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2eb90390054814094907a2dfdc1f59a7b0ba72216241f124a2ce98cd0998e5c0.exe
Size

5.6MB
MD5

925fb185ad23c98a866699a17cbd1ec0
SHA1

16d3765efb1f91bce56e057002882b72089e8b5c
SHA256

2eb90390054814094907a2dfdc1f59a7b0ba72216241f124a2ce98cd0998e5c0
SHA512

17d40c23f59da09b32823dd32c4b9d3e702fe5b7173fa777484aa83c121098856d8d641d7dd3d334af7e9878903cba14c7afad756314dda41fa1af2628b73d6b
SSDEEP

98304:o5W+1MdGFBL/OskwDqQ4FXCcOwxA+LPmezNjjBAUZLwMe8n:odBL/Oskw4dOwxADehnVEM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2eb90390054814094907a2dfdc1f59a7b0ba72216241f124a2ce98cd0998e5c0.exe

Files

2eb90390054814094907a2dfdc1f59a7b0ba72216241f124a2ce98cd0998e5c0.exe
.exe windows:6 windows x86 arch:x86

982348d4e4a909e26a27ceef2ba4e187

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

ws2_32

accept
__WSAFDIsSet
bind
closesocket
getservbyname
getservbyport
gethostbyname
gethostbyaddr
ntohs
inet_addr
htons
ntohl
htonl
freeaddrinfo
getaddrinfo
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
socket
shutdown
setsockopt
send
select
recv
listen
inet_ntoa
getsockopt
getpeername
ioctlsocket
connect

kernel32

FormatMessageA
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
SetConsoleTextAttribute
GetNumberOfConsoleInputEvents
ReadConsoleInputA
GetConsoleCursorInfo
SetConsoleCursorInfo
WriteConsoleOutputA
SetConsoleTitleA
GetCurrentProcessId
AllocConsole
SetUnhandledExceptionFilter
Sleep
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceExA
SetEndOfFile
SetFileAttributesA
SetFilePointerEx
CloseHandle
GetLastError
DeviceIoControl
GetModuleFileNameA
WideCharToMultiByte
GetShortPathNameW
CreatePipe
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
CreateProcessW
GenerateConsoleCtrlEvent
TerminateThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemInfo
GetSystemTime
SetThreadExecutionState
ExitProcess
GetModuleHandleA
MulDiv
CopyFileA
SetConsoleCtrlHandler
GetConsoleWindow
FormatMessageW
LocalFree
MultiByteToWideChar
DuplicateHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
SystemTimeToFileTime
GetModuleHandleExW
InitializeSRWLock
LoadLibraryA
GetFileInformationByHandle
AcquireSRWLockExclusive
AcquireSRWLockShared
VirtualFree
SwitchToFiber
DeleteFiber
CreateFiberEx
GetSystemDirectoryA
GetEnvironmentVariableW
GetACP
GetFileType
WriteFile
GetModuleHandleW
ConvertFiberToThread
ConvertThreadToFiberEx
GetSystemTimeAsFileTime
LoadLibraryW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetFileAttributesA
GlobalMemoryStatus
DeleteFileA
FindFirstFileA
GetFullPathNameA
ReadFile
SetFilePointer
ResumeThread
ExitThread
CreateThread
DeleteFileW
SetStdHandle
MoveFileExW
GetFullPathNameW
RemoveDirectoryW
CreateDirectoryW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
RtlUnwind
RaiseException
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
WriteConsoleW
GetCPInfo
GetStringTypeW
GetProcAddress
FreeLibrary
SetHandleInformation
FreeLibraryAndExitThread
ReleaseSRWLockExclusive
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
GetConsoleOutputCP
HeapFree
HeapReAlloc
HeapAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
GetTimeZoneInformation
GetFileAttributesExW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
GetDriveTypeW
ReleaseSRWLockShared
LCMapStringEx
DecodePointer
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeCriticalSectionEx
EncodePointer

user32

RegisterWindowMessageA
CharToOemBuffA
CharToOemA
DispatchMessageA
TranslateMessage
DefWindowProcA
PeekMessageA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
LoadImageA
LoadIconA
LoadCursorA
GetWindowThreadProcessId
FindWindowA
SetWindowLongA
GetSysColorBrush
GetSysColor
GetCursorPos
SetCursor
MessageBoxA
ReleaseDC
GetDC
SetForegroundWindow
TrackPopupMenu
GetSubMenu
LoadMenuA
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamA
ShowWindow
CreateWindowExA
RegisterClassExA
InsertMenuItemA
PostMessageA

gdi32

SetBkColor
GetDeviceCaps
CreateFontA
SetTextColor

shell32

SHGetFolderPathA
SHParseDisplayName
ShellExecuteA
Shell_NotifyIconA
SHOpenFolderAndSelectItems

ole32

CoInitialize

advapi32

CryptDestroyKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegDeleteValueA
RegOpenKeyA
RegSetValueExA
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
RegCloseKey
CryptReleaseContext
CryptAcquireContextW
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle

winmm

timeEndPeriod
timeBeginPeriod

bcrypt

BCryptGenRandom

Exports

Exports

_libiconv_version
iconv_canonicalize
libiconv
libiconv_close
libiconv_open
libiconv_open_into
libiconvctl
libiconvlist
locale_charset

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

982348d4e4a909e26a27ceef2ba4e187

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

ws2_32

kernel32

user32

gdi32

shell32

ole32

advapi32

winmm

bcrypt

Exports

Exports

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 37KB - Virtual size: 315KB

.rsrc Size: 301KB - Virtual size: 301KB

.reloc Size: 156KB - Virtual size: 156KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 37KB - Virtual size: 315KB

.rsrc
Size: 301KB - Virtual size: 301KB

.reloc
Size: 156KB - Virtual size: 156KB