a2b2d858031727743c650403c03fefd814ad8caa1afd6dbeafdfb3972f303c74

Sharing

Copy URL

Twitter E-mail

General

Target

a2b2d858031727743c650403c03fefd814ad8caa1afd6dbeafdfb3972f303c74
Size

460KB
MD5

a9d8c33dc54b691bd59d06ecac221c50
SHA1

ab5b7f1f5a9b333b2600d74b2a888e4172413fcd
SHA256

a2b2d858031727743c650403c03fefd814ad8caa1afd6dbeafdfb3972f303c74
SHA512

f9cb414dbfdf23aed3cbd7b3fc21e96afc92a2f38d71e97d3d4335dcd65641988de784bfda03e3adce9aaf6d0dcf0f52ddec396cb2f66f16fd82c02b492a07e9
SSDEEP

6144:iYCR8Rz7Z4FCWmf71/p2pN/iI4pehF66OfGA:BK8Rz7pW62pF4pev66OL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2b2d858031727743c650403c03fefd814ad8caa1afd6dbeafdfb3972f303c74

Files

a2b2d858031727743c650403c03fefd814ad8caa1afd6dbeafdfb3972f303c74
.exe windows:5 windows x86 arch:x86

2bd3acee4f08a59f93ab911e0cec0ed4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cmd.pdb

Imports

msvcrt

_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
calloc
_wcslwr
qsort
_vsnwprintf
wcsstr
_dup2
_dup
_open_osfhandle
_close
swscanf
_ultoa
_pipe
_seh_longjmp_unwind
_setmode
wcsncmp
iswxdigit
fflush
exit
_wtol
time
srand
_setjmp3
_wcsdup
__setusermatherr
_errno
iswalpha
malloc
free
printf
rand
swprintf
_iob
fprintf
towlower
realloc
setlocale
_snwprintf
wcscat
_wcsupr
wcsncpy
_wpopen
fgets
_pclose
memmove
wcschr
iswspace
_tell
longjmp
wcscmp
_wcsnicmp
_wcsicmp
wcstol
iswdigit
_getch
_get_osfhandle
_adjust_fdiv
__p__commode
__p__fmode
_controlfp
__set_app_type
wcsrchr
_except_handler3
wcscpy
wcslen
wcsspn
towupper

advapi32

GetSecurityDescriptorOwner
LookupAccountSidW
CreateProcessAsUserW
RegCreateKeyExW
RegSetValueExW
RegSetValueW
RegDeleteKeyW
RegOpenKeyW
RegDeleteValueW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RevertToSelf
SaferIdentifyLevel
SaferComputeTokenFromLevel
SaferCloseLevel
ImpersonateLoggedOnUser
SaferRecordEventLogEntry
GetFileSecurityW

kernel32

RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
LoadLibraryExW
CopyFileW
SetFileAttributesW
SetEndOfFile
DeleteFileW
SetFileTime
CreateDirectoryW
FillConsoleOutputAttribute
SetConsoleTextAttribute
ScrollConsoleScreenBufferW
FormatMessageW
DuplicateHandle
FlushFileBuffers
HeapReAlloc
HeapSize
VirtualAlloc
VirtualFree
GetFileAttributesExW
LocalFree
GetDriveTypeW
InitializeCriticalSection
CompareFileTime
GetWindowsDirectoryW
GetConsoleTitleW
GetModuleFileNameW
GetVersion
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
SearchPathW
WriteFile
SetFilePointerEx
GetVolumeInformationW
MoveFileW
SetConsoleTitleW
MoveFileExW
GetFileAttributesW
NeedCurrentDirectoryForExePathW
GetBinaryTypeW
GetCurrentThreadId
CreateProcessW
LoadLibraryW
ReadProcessMemory
SetLastError
SetErrorMode
GetConsoleMode
SetConsoleMode
SetEnvironmentStringsW
SetEnvironmentVariableW
GetDiskFreeSpaceExW
ResumeThread
SetProcessAffinityMask
GetSystemInfo
GetThreadLocale
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CmdBatNotification
GetVDMCurrentDirectories
LocalAlloc
FreeLibrary
InterlockedExchange
LoadLibraryA
SetConsoleCtrlHandler
ReadConsoleW
GetLastError
CloseHandle
SetFilePointer
SetThreadLocale
GetProcAddress
GetModuleHandleW
lstrcmpW
lstrcmpiW
HeapAlloc
GetProcessHeap
HeapFree
MultiByteToWideChar
ReadFile
WriteConsoleW
FillConsoleOutputCharacterW
SetConsoleCursorPosition
RaiseException
GetConsoleScreenBufferInfo
GetStdHandle
GetFileType
VirtualQuery
FlushConsoleInputBuffer
GetCPInfo
GetConsoleOutputCP
WideCharToMultiByte
GetFileSize
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
GetFullPathNameW
GetUserDefaultLCID
GetLocaleInfoW
SetLocalTime
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
GetDateFormatW
FileTimeToLocalFileTime
GetTimeFormatW
GetLocalTime
GetCommandLineW
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW

user32

GetUserObjectInformationW
GetThreadDesktop
MessageBeep
GetProcessWindowStation

mpr

WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 113KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 218KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2bd3acee4f08a59f93ab911e0cec0ed4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

mpr

Sections

.text Size: 127KB - Virtual size: 126KB

.data Size: 113KB - Virtual size: 114KB

.rsrc Size: 218KB - Virtual size: 250KB

.text
Size: 127KB - Virtual size: 126KB

.data
Size: 113KB - Virtual size: 114KB

.rsrc
Size: 218KB - Virtual size: 250KB