7861884e251abfea2352809684eda7dc3a35d84cb7c5f2835c8d8872c267bd80

Sharing

Copy URL Twitter E-mail

General

Target

7861884e251abfea2352809684eda7dc3a35d84cb7c5f2835c8d8872c267bd80
Size

3.2MB
MD5

acb1fe2e525ce9feba08332dfebcd70c
SHA1

a822646a3a0c3aefcbedb085451cad8310500219
SHA256

7861884e251abfea2352809684eda7dc3a35d84cb7c5f2835c8d8872c267bd80
SHA512

a44eeba43861f821a405a9355d0d96b94940bcdc7c693fe6e0381b2cdcbfa28c6f0588a6a4bbcc35b8fd69772c3e386d48935bd34fe5fb7d5815def250b655eb
SSDEEP

49152:y8U6jDXnkFc2b8jkpBQgSzFIN6f8H+fJ93MpdBsIo8nPgaYfY6FH6:a6HkFcjwDb9afimauY6F6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7861884e251abfea2352809684eda7dc3a35d84cb7c5f2835c8d8872c267bd80

Files

7861884e251abfea2352809684eda7dc3a35d84cb7c5f2835c8d8872c267bd80
.exe windows:4 windows x86 arch:x86

4648a79e2ae0d7dd407b33204827334c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

i:\2345safe511\Bin\release\pdb\2345SafeSetup.pdb

Imports

kernel32

SetFileAttributesW
GetLongPathNameW
CreateFileW
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
ReadFile
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
Sleep
GetTickCount
WaitForMultipleObjects
GetCurrentProcessId
LocalFree
OpenProcess
CreateToolhelp32Snapshot
GetCurrentProcess
Process32FirstW
Process32NextW
TerminateProcess
GlobalFree
GlobalAlloc
GetUserDefaultLangID
GetVersionExW
SetLastError
GetComputerNameW
InterlockedDecrement
InterlockedExchangeAdd
CreateEventW
SetEvent
lstrlenA
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapReAlloc
VirtualAlloc
GetTimeZoneInformation
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
QueryPerformanceCounter
VirtualFree
MoveFileExW
GetTempFileNameW
GetWindowsDirectoryW
GetFullPathNameW
lstrlenW
GetTempPathW
MoveFileW
MultiByteToWideChar
GetACP
WideCharToMultiByte
DeleteFileW
GetModuleHandleW
LoadLibraryW
CreateDirectoryW
FreeLibrary
GetFileAttributesW
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetLastError
FreeResource
SizeofResource
GetModuleFileNameW
LoadResource
FindResourceW
LockResource
GetProcAddress
LoadLibraryA
DeviceIoControl
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
GetConsoleMode
GetConsoleCP
ExitProcess
HeapSize
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

GetPropW
SetWindowPos
GetMonitorInfoW
GetClientRect
DefWindowProcW
CreateWindowExW
IsWindow
MapWindowPoints
SetCursor
MonitorFromWindow
DestroyWindow
DispatchMessageW
ShowWindow
GetWindowLongW
GetMessageW
GetDC
GetDesktopWindow
GetParent
SetPropW
TranslateMessage
GetCursorPos
LoadImageW
LoadCursorW
SetTimer
UnregisterClassW
ScreenToClient
GetWindowRect
SystemParametersInfoW
LoadIconW
BeginPaint
RegisterClassW
GetWindow
EndPaint
GetSystemMetrics

gdi32

CreateCompatibleDC
GetObjectW
DeleteObject
SelectObject
BitBlt
DeleteDC

advapi32

ControlService
RegEnumKeyW
RegQueryInfoKeyW
GetUserNameW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
StartServiceW
OpenSCManagerW
CreateServiceW
ChangeServiceConfig2W
DeleteService

shell32

ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoUninitialize
OleUninitialize
OleInitialize
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

HttpOpenRequestW
InternetWriteFile
InternetConnectW
InternetCrackUrlW
InternetReadFile
InternetOpenW
HttpEndRequestW
InternetSetOptionW
HttpQueryInfoW
InternetCloseHandle
HttpSendRequestExW

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4648a79e2ae0d7dd407b33204827334c

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

wininet

Sections

.text Size: 268KB - Virtual size: 267KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 5.2MB - Virtual size: 5.2MB

.text
Size: 268KB - Virtual size: 267KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 5.2MB - Virtual size: 5.2MB