2b5f9518f3ac2431f4f25b5036485c32c3e3878efd47c5bab5a08e4f15d113a1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2b5f9518f3ac2431f4f25b5036485c32c3e3878efd47c5bab5a08e4f15d113a1.exe
Size

1.1MB
MD5

1259b76f19f4b4e363538d004e195a00
SHA1

800c3c3798d670cb5476ee79a7170ee68cde7e34
SHA256

2b5f9518f3ac2431f4f25b5036485c32c3e3878efd47c5bab5a08e4f15d113a1
SHA512

cce76e089a5bfa73457d1a0f6025c791508e81a829c0574baaa9b1b6edb110f9004d1564e7e08f1ae16a6f200df2db49e08f8548a08d14bb301ff8143e9a6877
SSDEEP

24576:cyGmXEzuqhW7PyoidPy+Wf8VRlxUDl8MzKP8xv:1WsPyFbWf8VRj8k+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b5f9518f3ac2431f4f25b5036485c32c3e3878efd47c5bab5a08e4f15d113a1.exe

Files

2b5f9518f3ac2431f4f25b5036485c32c3e3878efd47c5bab5a08e4f15d113a1.exe
.exe windows:5 windows x86 arch:x86

f96c40a4fb8d9bde39f2de8072e6b272

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
ReleaseSemaphore
SetUnhandledExceptionFilter
FormatMessageW
CreateMutexW
WriteFile
CreateSemaphoreW
GetVersionExW
OpenProcess
WideCharToMultiByte
WinExec
CreateProcessA
GetQueuedCompletionStatus
WaitNamedPipeW
CreateIoCompletionPort
CreateNamedPipeW
ConnectNamedPipe
ReadFile
GetCurrentDirectoryW
GetFullPathNameA
FindFirstFileExA
GetDriveTypeA
FindClose
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsA
FreeLibrary
PeekNamedPipe
SleepEx
lstrcmpiW
InterlockedIncrement
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
SetEnvironmentVariableA
SetEndOfFile
CreatePipe
GetFileAttributesA
CompareStringW
LoadLibraryW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
CreateFileA
WriteConsoleW
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
GetTickCount
QueryPerformanceCounter
GetFileType
WaitForMultipleObjects
SetLastError
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetStdHandle
HeapCreate
IsDebuggerPresent
UnhandledExceptionFilter
LCMapStringW
CreateThread
ExitThread
CloseHandle
lstrlenW
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
DuplicateHandle
GetDateFormatA
GetTimeFormatA
MoveFileA
DeleteFileA
ExitProcess
SetFilePointer
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetStartupInfoW
EnterCriticalSection
RaiseException
HeapSetInformation
GetCommandLineW
CreateEventW
SetEvent
InitializeCriticalSection
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
HeapFree
HeapAlloc
GetProcessHeap
lstrcmpW
Sleep
GetModuleFileNameA
FormatMessageA
LoadLibraryA
VirtualAlloc
VirtualFree
TryEnterCriticalSection
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateEventA
PulseEvent
LocalFree
GetCPInfo
ConvertThreadToFiber
SwitchToFiber
ConvertFiberToThread
DeleteFiber
CreateFiberEx
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
InterlockedPopEntrySList
HeapDestroy
HeapReAlloc
HeapSize
InterlockedExchange
EncodePointer
DecodePointer
RtlUnwind
GetDriveTypeW

user32

TranslateMessage
GetMessageW
PeekMessageW
CharNextW
DispatchMessageW
LoadStringW
SetWindowLongW
SendMessageA
GetWindowThreadProcessId
FindWindowW
OpenIcon
MessageBoxW
DefWindowProcW
GetCursorPos
SetForegroundWindow
GetSubMenu
TrackPopupMenu
PostQuitMessage
SendMessageW
MonitorFromPoint
DestroyMenu
EnableMenuItem
UnregisterClassA
DestroyWindow
CreateDialogParamW
RegisterWindowMessageW
LoadMenuW
LoadIconW
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
GetParent
GetWindowLongW
IsIconic
ShowWindow
SetTimer

shell32

Shell_NotifyIconW

ole32

CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VarUI4FromStr

advapi32

OpenProcessToken
CryptAcquireContextW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
CloseServiceHandle
OpenSCManagerW
ControlService
QueryServiceStatus
OpenServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptReleaseContext
CryptGenRandom

rasapi32

RasDialW
RasGetConnectStatusW
RasEnumConnectionsW
RasHangUpW
RasGetEntryPropertiesW
RasSetEntryPropertiesW
RasGetErrorStringW
RasSetEntryDialParamsW
RasGetErrorStringA

comctl32

InitCommonControlsEx

dbghelp

MiniDumpWriteDump

ws2_32

recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
socket
WSASetLastError
gethostbyname
sendto
recvfrom
accept
listen
__WSAFDIsSet
select
ioctlsocket
WSAGetLastError
closesocket
WSAStartup
WSACleanup

Sections

.text
Size: 571KB - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f96c40a4fb8d9bde39f2de8072e6b272

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

advapi32

rasapi32

comctl32

dbghelp

ws2_32

Sections

.text Size: 571KB - Virtual size: 571KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 19KB - Virtual size: 28KB

.rsrc Size: 363KB - Virtual size: 362KB

.reloc Size: 47KB - Virtual size: 46KB

.text
Size: 571KB - Virtual size: 571KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 19KB - Virtual size: 28KB

.rsrc
Size: 363KB - Virtual size: 362KB

.reloc
Size: 47KB - Virtual size: 46KB