2a301d8ca37527f7a2709317e956d014e521b3d32be2ce8c8d2260190460b027

Sharing

Copy URL Twitter E-mail

General

Target

2a301d8ca37527f7a2709317e956d014e521b3d32be2ce8c8d2260190460b027
Size

2.7MB
MD5

e6bf911b463e93838d2446228d8bf6b0
SHA1

c10c3f4114a70533e8fea2c27d9c25e62c9d08dd
SHA256

2a301d8ca37527f7a2709317e956d014e521b3d32be2ce8c8d2260190460b027
SHA512

1c01f8a5d70da2fe19d667fee50fb7aeb8702f96b6f099fe10774139d5206b619e6f6f57590cd3bb2c99da12391ad45e14613f650c65f18b63d7da844d949ecf
SSDEEP

49152:W2gWECCA4Bte6e9N60oVr0WJ+RdJUt32kHQyx4m7vuzYTUD8XOdjDKdefVU:W2gDCSte6UsDoZR/U928QyxdCYTFaNV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a301d8ca37527f7a2709317e956d014e521b3d32be2ce8c8d2260190460b027

Files

2a301d8ca37527f7a2709317e956d014e521b3d32be2ce8c8d2260190460b027
.exe windows:6 windows x86 arch:x86

ec1705b6ad330f25047022c193a20ab8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualQueryEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetSystemTimeAsFileTime
CreateProcessW
CopyFileW
SetEndOfFile
GetDateFormatW
GetModuleHandleW
CreateThread
SetEvent
Sleep
CreateEventW
GetExitCodeProcess
WaitForSingleObject
GetCurrentProcess
GetCurrentThread
GetVersionExW
GetProcessHeap
MapViewOfFile
CreateFileMappingW
DecodePointer
WriteConsoleW
HeapSize
GetTimeZoneInformation
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SystemTimeToFileTime
ReadProcessMemory
SetStdHandle
GetConsoleOutputCP
FlushFileBuffers
LCMapStringW
CompareStringW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
SetConsoleCtrlHandler
GetCommandLineW
GetCommandLineA
LoadLibraryExW
EncodePointer
RaiseException
FindResourceW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
LoadLibraryA
FreeLibrary
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
VirtualAlloc
TerminateProcess
K32GetProcessImageFileNameW
GetVersionExA
ExpandEnvironmentStringsA
GetComputerNameA
GetCurrentThreadId
ExitProcess
IsDebuggerPresent
GetSystemTime
GetFullPathNameW
GetCurrentProcessId
DuplicateHandle
OpenProcess
OpenFileMappingW
GetLongPathNameW
SizeofResource
LockResource
GetCurrentDirectoryW
GetSystemInfo
GetFileSizeEx
MoveFileExW
GetFileSize
GetFileInformationByHandle
HeapAlloc
SetFilePointer
GetTickCount
GetProcAddress
LoadLibraryW
SetFilePointerEx
CompareFileTime
FindClose
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
GetFileAttributesW
DeleteFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
WriteFile
CloseHandle
UnmapViewOfFile
WideCharToMultiByte
GetLocalTime
OutputDebugStringW
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReadFile
GetLastError
HeapFree
DeleteFiber
SwitchToFiber
QueryPerformanceCounter
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetFileType
GetEnvironmentVariableW
GetStdHandle
LoadResource
SetFileAttributesW
FormatMessageW
GetSystemDirectoryW
GetTempPathW
GetComputerNameW
GetDriveTypeW
RtlUnwind
GetLogicalDrives
SetLastError
HeapReAlloc
FindFirstFileExW

user32

ReleaseDC
SetWindowPos
LoadIconW
SetWindowTextW
GetClientRect
LoadImageW
ClientToScreen
GetParent
SetWindowLongW
SetClassLongW
GetWindowLongW
GetFocus
GetWindowThreadProcessId
PostMessageW
DrawTextExW
KillTimer
ShowWindow
GetProcessWindowStation
GetUserObjectInformationW
DialogBoxParamW
EndDialog
EnumWindows
CharUpperA
GetDC
GetDlgItem
GetWindowTextW
GetClassNameW
CharLowerBuffW
MessageBoxW
IsCharAlphaNumericW
SetFocus
GetWindowRect
CharUpperBuffW
SystemParametersInfoW
IsCharAlphaW
SetDlgItemTextW
GetDlgCtrlID
MoveWindow
FindWindowW
CheckDlgButton
CreateCursor
LoadCursorW
FillRect
GetWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsWindow
GetDesktopWindow
GetAsyncKeyState
EnableWindow
GetSystemMetrics
GetWindowTextLengthW
SetTimer
IsDlgButtonChecked
InvalidateRect
CallWindowProcW
DestroyIcon
SetCursor
LoadStringW
IsWindowVisible
GetDlgItemTextW
SendMessageW

gdi32

SetBkMode
TextOutW
SetTextColor
GetStockObject
GetTextExtentPoint32W
DeleteObject
GetObjectW
SelectObject
CreateFontIndirectW
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetUserNameW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CloseEventLog
ReadEventLogW
OpenEventLogW
CryptAcquireContextW
RegQueryValueExA
GetUserNameA
GetCurrentHwProfileW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegDeleteValueW
GetTokenInformation
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
DuplicateToken
OpenProcessToken
OpenThreadToken
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
CryptDecrypt
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptEnumProvidersW

shell32

SHBrowseForFolderW
DragAcceptFiles
DragQueryFileW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathA
SHGetPathFromIDListW
SHGetFileInfoW
SHGetMalloc
SHGetFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CLSIDFromProgID
CoGetClassObject
CoInitialize

oleaut32

SysFreeString
SysAllocString

ntdll

NtEnumerateValueKey
NtSetInformationFile

comctl32

PropertySheetW
ord17
CreatePropertySheetPageW

shlwapi

PathFindFileNameW

crypt32

CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore

ws2_32

socket
setsockopt
connect
closesocket
WSASetLastError
send
recv
getnameinfo
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
ntohs
getsockopt
ioctlsocket
shutdown

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

mpr

WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gcode
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 596KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 159KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec1705b6ad330f25047022c193a20ab8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ntdll

comctl32

shlwapi

crypt32

ws2_32

version

mpr

bcrypt

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.gcode Size: 5KB - Virtual size: 4KB

.rdata Size: 596KB - Virtual size: 596KB

.data Size: 159KB - Virtual size: 176KB

.gdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 288KB - Virtual size: 287KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.gcode
Size: 5KB - Virtual size: 4KB

.rdata
Size: 596KB - Virtual size: 596KB

.data
Size: 159KB - Virtual size: 176KB

.gdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 288KB - Virtual size: 287KB