md2_2efs[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

md2_2efs.exe
Size

1.4MB
MD5

ffceece2e297cf5769a35bf387c310ef
SHA1

2758f2f99b2b741e4c85d0808952cf1c0ca13be7
SHA256

708542577a656b24962e07bfb4b958a57a7e916475bd99beaed79f91c71504f3
SHA512

ecd0de3eb036d6fe62a08b84dd16a533ab3f0310877d17e998be9fa5c503ce647f9a0db8fe7d44caef298a92681ffc8ded7818a88fe0c67ef2d879f8a53fcb5f
SSDEEP

24576:ZEl3CiZjrmmDzA+uWtcqa4J1Fy529Esn9bsO4nTb3sKnhrwvQYV:GD2mQWcqnbsjf39hrwvQYV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
md2_2efs.exe

Files

md2_2efs.exe
.exe windows:6 windows x86 arch:x86

dd175e44f28473d860d455767e1f60b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
SizeofResource
GetVolumeInformationW
GetCurrentProcess
WriteFile
OutputDebugStringA
GetModuleFileNameW
CreateMutexW
WaitForSingleObject
CreateFileW
GetSystemDirectoryW
OutputDebugStringW
TerminateThread
LockResource
DeleteFileW
CloseHandle
CreateThread
FindResourceExW
LoadResource
FindResourceW
GetFileSize
GetCurrentProcessId
GetModuleHandleW
CopyFileW
VirtualQuery
GetExitCodeThread
Sleep
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
SetEndOfFile
GetTickCount
TerminateProcess
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
InitializeCriticalSection
GetFullPathNameA
UnlockFileEx
GetTempPathW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
ReadFile
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileA
GetSystemInfo
LoadLibraryW
HeapCompact
UnlockFile
LocalFree
LockFileEx
SystemTimeToFileTime
FreeLibrary
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
GetModuleHandleA
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
CreateDirectoryW
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetPrivateProfileStringW
GetProcessHeap
DeleteCriticalSection
HeapFree
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
GetTempPathA
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileSizeEx
GetConsoleCP
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetStdHandle
GetTimeZoneInformation
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
GetStringTypeW
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
QueryPerformanceFrequency
GetCurrentThread
GetThreadTimes
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
ExitProcess

user32

GetDesktopWindow
wsprintfA
MessageBoxW

shell32

SHGetSpecialFolderPathW

ole32

OleRun
CoCreateInstance
CoInitializeEx

oleaut32

VariantClear
SafeArrayCreate
VariantCopy
SafeArrayPutElement
SysAllocString
SysFreeString
VariantInit
GetErrorInfo

ws2_32

WSAStartup

shlwapi

PathFileExistsW

esent

JetCloseTable
JetMove
JetBeginSessionA
JetRetrieveColumn
JetEndSession
JetSetSystemParameterA
JetDBUtilitiesW
JetOpenDatabaseA
JetCloseDatabase
JetAttachDatabaseA
JetInit
JetTerm
JetCreateInstanceA
JetGetColumnInfoA
JetOpenTableA
JetDetachDatabaseA

winhttp

WinHttpCloseHandle
WinHttpQueryAuthSchemes
WinHttpConnect
WinHttpSetStatusCallback
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpSetCredentials
WinHttpSendRequest
WinHttpWriteData
WinHttpOpen

quartz

AMGetErrorTextW

Sections

%'vZAcOr
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

jtSPCNg$
Size: 181KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

mdoCQ+ga
Size: 22KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dRxQ*NHI
Size: 179KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Y> S<K0m
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd175e44f28473d860d455767e1f60b6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

ws2_32

shlwapi

esent

winhttp

quartz

Sections

%'vZAcOr Size: 1.0MB - Virtual size: 1.0MB

jtSPCNg$ Size: 181KB - Virtual size: 184KB

mdoCQ+ga Size: 22KB - Virtual size: 36KB

dRxQ*NHI Size: 179KB - Virtual size: 180KB

Y> S<K0m Size: 45KB - Virtual size: 48KB

%'vZAcOr
Size: 1.0MB - Virtual size: 1.0MB

jtSPCNg$
Size: 181KB - Virtual size: 184KB

mdoCQ+ga
Size: 22KB - Virtual size: 36KB

dRxQ*NHI
Size: 179KB - Virtual size: 180KB

Y> S<K0m
Size: 45KB - Virtual size: 48KB