2bb48af435839307a1c2a5bd84564570N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2bb48af435839307a1c2a5bd84564570N.exe
Size

180KB
MD5

2bb48af435839307a1c2a5bd84564570
SHA1

5b20a0bddfa2599d8a49c0f388539d9032ca080a
SHA256

356ba5cd0cfd5b32f4257c5632652325eafb4682b400a722183b32c07ceafcb0
SHA512

38ae5afe47566bc697006c174c943493fd18666470a9e7071676a1845792ff751aff4f12006268fea24b4fc8666c2b2c6af0eba9741337fe41d5a75ad8e59033
SSDEEP

3072:zz+eIyuIdZCByEh7DOaSh9I1IQ5eaaGF5WaaPT9rrc:3+odZCVwL9BQ5zF5OH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bb48af435839307a1c2a5bd84564570N.exe

Files

2bb48af435839307a1c2a5bd84564570N.exe
.exe windows:4 windows x86 arch:x86

aa89def2ffc76eb8fc0a464e2da062f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DefWindowProcW
PostQuitMessage
MessageBoxW
FindWindowW
DestroyWindow
DispatchMessageW
PostMessageW
SendMessageW
RegisterClassW
RegisterWindowMessageW
LoadIconW
CreateWindowExW
UnregisterClassW
GetMessageW
TranslateMessage

shell32

Shell_NotifyIconW

guilib

_ItEv_GetControlTooltip@20
_It_FreeEvent@4
_It_SendEvent@8
_It_Dup@4
_It_GetEventEx@12
_It_FreeConnection@4
_It_NewGroupConnection@20
_It_NewConnection@12

kernel32

GetOEMCP
FlushFileBuffers
Sleep
GetCurrentThreadId
CloseHandle
TerminateProcess
OpenProcess
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
GetModuleHandleW
GetVersion
GetCPInfo
GetACP
GetTickCount
SetLastError
VirtualProtect
FlushInstructionCache
GetCurrentProcess
LoadLibraryA
VirtualQuery
GetModuleHandleA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
GetSystemInfo
GetCurrentProcessId
HeapFree
HeapAlloc
ExitThread
GetLastError
ResumeThread
CreateThread
GetStartupInfoA
GetCommandLineA
GetVersionExA
RtlUnwind
HeapDestroy
HeapCreate
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
ExitProcess
UnhandledExceptionFilter
InterlockedExchange
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
SetFilePointer
SetStdHandle

baselib

_TerminateVector@4
_InitializeVector@0
_GetElementInVectorAt@8
_AddElementInVector@8
_GetSize@4
_GetRuntimePath@0
snxprintfA
_CommandLineWinMain@24
_GetCommandLineArgument@8
_GetOption@12
_GetDisplayContextInfo@4
_SetDisplayContextInfo@4
_wcsfind@8
InvokeRPC
_GetModuleFromFunction@4
_GetCurrentCodePage@0
snxprintfW
_GetDestinationStringSize@12
_ConvertString@20
_wcsncopy@12

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa89def2ffc76eb8fc0a464e2da062f3

Headers

File Characteristics

Imports

user32

shell32

guilib

kernel32

baselib

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 116KB - Virtual size: 112KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 116KB - Virtual size: 112KB