2b122b2c91d15138155f86f73142e9e0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2b122b2c91d15138155f86f73142e9e0.exe
Size

1.5MB
MD5

2b122b2c91d15138155f86f73142e9e0
SHA1

aee436076e9881451cf579730b6b2c6d09fb3763
SHA256

2df9bcfb70aa696193dd0b42b558d9851a959521ba3ef0a9f50addee7315e4af
SHA512

84af9301f58ff8403cb7531736dd2c3456d7d729ea84a0c42286394665428e21054f00f512a340493c9c408695a315b730c1071c3e0b2259b91ff09ea4cf610b
SSDEEP

24576:aSEmYD6gjGPG45QVDkfXplyTy5dCN/j2GLl3iFSE33b9:a5mYD6g2GWQVQf3yThN/j2U4FH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b122b2c91d15138155f86f73142e9e0.exe

Files

2b122b2c91d15138155f86f73142e9e0.exe
.exe windows:10 windows x64 arch:x64

a08e847309c757a892d0d0a5273bcb4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WMPNetwk.pdb

Imports

advapi32

EventRegister
EventUnregister
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventWriteTransfer
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCloseKey
CreateServiceW
RegOpenKeyExW
ChangeServiceConfig2W
QueryServiceStatusEx
ControlService
DeleteService
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CopySid
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
MakeAbsoluteSD
InitializeSecurityDescriptor
GetNamedSecurityInfoW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegNotifyChangeKeyValue
ConvertStringSidToSidW
RegCreateKeyExW
RegSetKeySecurity
RegEnumKeyExW
RegGetValueW
EventWriteEx
SetSecurityInfo
GetSecurityInfo
SetSecurityDescriptorControl
GetAce
EqualSid
StartServiceW
ChangeServiceConfigW
LookupAccountSidW

kernel32

GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
CompareStringOrdinal
SetProcessWorkingSetSize
ResetEvent
IsWow64Process
lstrcmpW
PowerClearRequest
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
ChangeTimerQueueTimer
CreateTimerQueueTimer
FindResourceW
CompareStringA
GetFullPathNameW
MultiByteToWideChar
MulDiv
RegisterWaitForSingleObject
UnregisterWaitEx
FormatMessageW
GetProcessHeap
HeapFree
CreateThread
WaitForMultipleObjects
GetStringTypeExW
lstrcmpiW
GetComputerNameW
GetDynamicTimeZoneInformation
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesExW
TzSpecificLocalTimeToSystemTime
GetCurrentThreadId
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
WideCharToMultiByte
DelayLoadFailureHook
ResolveDelayLoadedAPI
PowerSetRequest
GetTickCount64
WaitForSingleObject
CreateEventW
GetTickCount
Sleep
PowerCreateRequest
SetLastError
GetLastError
SetEvent
OpenEventW
RegDeleteKeyExW
RegQueryInfoKeyW
RegGetKeySecurity
OutputDebugStringA
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
LocalFree
CompareStringW
FindResourceExW
LoadResource
LockResource
SizeofResource
HeapSetInformation
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
RaiseException
GetModuleFileNameW

msvcrt

_ui64tow_s
_ltow_s
_XcptFilter
memmove
memcpy
_CxxThrowException
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
_i64tow_s
_amsg_exit
__wgetmainargs
__set_app_type
exit
__dllonexit
?what@exception@@UEBAPEBDXZ
ceil
floor
memcmp
_onexit
wcsrchr
realloc
??1type_info@@UEAA@XZ
memset
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_callnewh
_strlwr_s
strncmp
_ultoa_s
_ultow_s
_wtol
_wtoi
qsort_s
_wcsicmp
_vsnwprintf
swscanf
wcsstr
wcstol
_wcslwr_s
_wcsnicmp
wcsncmp
iswdigit
towupper
_wcstoui64
wcstoul
_errno
_purecall
calloc
malloc
wcscpy_s
free
_wputenv
memmove_s
memcpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
_exit
??0exception@@QEAA@AEBQEBDH@Z
strchr
wcscmp

user32

UnregisterPowerSettingNotification
DispatchMessageW
wvsprintfW
MsgWaitForMultipleObjectsEx
CharUpperW
PeekMessageW
CharUpperBuffW
UnregisterClassA
RegisterPowerSettingNotification

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
SysStringLen
UnRegisterTypeLi
LoadRegTypeLi
SysAllocStringLen
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SetErrorInfo
CreateErrorInfo
SafeArrayCopy
SafeArrayCreate
SafeArrayDestroy
VariantClear
RegisterTypeLi

ole32

CoSetProxyBlanket
StringFromGUID2
CoCreateGuid
CLSIDFromProgID
IIDFromString
CoTaskMemFree
CoUnmarshalInterface
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
PropVariantClear
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

wsock32

WSAGetLastError

iphlpapi

SendARP
GetIpNetEntry2
CancelIPChangeNotify
ResolveIpNetEntry2
GetIpAddrTable
GetBestInterfaceEx
GetAdaptersAddresses
NotifyIpInterfaceChange
NotifyAddrChange
CancelMibChangeNotify2

shlwapi

PathCreateFromUrlW
PathFindExtensionW
PathFindFileNameW
ord168
ord219
PathRemoveExtensionW
StrChrW

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryKey
NtDeleteKey

userenv

UnregisterGPNotification
RegisterGPNotification

netapi32

NetApiBufferFree
NetShareGetInfo

propsys

PropVariantToStringAlloc
PSGetPropertyDescriptionByName
InitPropVariantFromCLSID
PSGetPropertyKeyFromName
PropVariantToString

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 672KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a08e847309c757a892d0d0a5273bcb4c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

user32

oleaut32

ole32

wsock32

iphlpapi

shlwapi

ntdll

userenv

netapi32

propsys

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 672KB - Virtual size: 672KB

.rdata Size: 151KB - Virtual size: 151KB

.data Size: 14KB - Virtual size: 22KB

.pdata Size: 20KB - Virtual size: 19KB

.didat Size: 512B - Virtual size: 264B

.rsrc Size: 71KB - Virtual size: 70KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 672KB - Virtual size: 672KB

.rdata
Size: 151KB - Virtual size: 151KB

.data
Size: 14KB - Virtual size: 22KB

.pdata
Size: 20KB - Virtual size: 19KB

.didat
Size: 512B - Virtual size: 264B

.rsrc
Size: 71KB - Virtual size: 70KB

.reloc
Size: 568KB - Virtual size: 572KB