2b7ce90f2289bc18c0c96cfa53d8811904bb83b9db59928f450890ea876284e8N

Sharing

Copy URL

Twitter E-mail

General

Target

2b7ce90f2289bc18c0c96cfa53d8811904bb83b9db59928f450890ea876284e8N
Size

1.3MB
MD5

e55c99998e1348b753be4581aa8a08d0
SHA1

773f6aa36a41dd41684d626df9606a62db339d2f
SHA256

2b7ce90f2289bc18c0c96cfa53d8811904bb83b9db59928f450890ea876284e8
SHA512

7dd0cddb21aa5b8f002e045d3ef9d8a3f08f868a943efe496223199a446864cd3f663f423615a9874a775ae1be559acc353ebda7ef2d725402886bc558fb2006
SSDEEP

24576:c2isj5/2Vqj/vmd7nh5vlT0fiqRnd2isj5/2Vqj/vmd7nh5vlT0fiqRn:c0EwvmxnnvlT0fignd0EwvmxnnvlT0fb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b7ce90f2289bc18c0c96cfa53d8811904bb83b9db59928f450890ea876284e8N

Files

2b7ce90f2289bc18c0c96cfa53d8811904bb83b9db59928f450890ea876284e8N
.exe windows:5 windows

074608fd3db67b7de07f19a5066aee65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

ws2_32

sendto
recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
WSACleanup
WSAStartup
getsockopt
closesocket
WSASetLastError
socket
send
select
__WSAFDIsSet
getpeername
WSAIoctl
connect
WSAGetLastError
htons
ntohs
getsockname
setsockopt
recv
bind

wldap32

ord32
ord200
ord35
ord50
ord22
ord143
ord41
ord26
ord60
ord30
ord79
ord33
ord27
ord301
ord211
ord46

kernel32

GetCurrentDirectoryW
GetFullPathNameA
SetStdHandle
FlushFileBuffers
RtlUnwind
GetConsoleMode
GetConsoleCP
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
GetLocaleInfoW
GetModuleHandleW
InterlockedIncrement
HeapCreate
RaiseException
GetFileAttributesW
GetComputerNameW
GetSystemDirectoryW
GetLastError
LocalFree
GetVolumeInformationW
VerSetConditionMask
VerifyVersionInfoW
WideCharToMultiByte
MultiByteToWideChar
GetTempFileNameW
WriteFile
ReadFile
CreateFileW
GetTempPathW
GetFileSizeEx
CloseHandle
DeleteFileW
SystemTimeToFileTime
InterlockedDecrement
CreateDirectoryW
Sleep
FileTimeToSystemTime
GetModuleFileNameW
MoveFileW
GetLocalTime
SleepEx
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
HeapSize
EnterCriticalSection
DeleteCriticalSection
GetTickCount
PeekNamedPipe
FreeLibrary
GetStdHandle
GetProcAddress
LoadLibraryA
GetFileType
WaitForMultipleObjects
ExpandEnvironmentStringsA
FormatMessageA
WaitForSingleObject
GetCurrentThreadId
InterlockedCompareExchange
CreateMutexA
ReleaseMutex
CreateMutexW
SetFilePointer
GetCurrentProcess
TerminateProcess
FindClose
GetSystemInfo
UnregisterWait
SetThreadPriority
OpenThread
RegisterWaitForSingleObject
ResumeThread
CreateThread
CreateFileA
HeapSetInformation
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryW
InterlockedExchange
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
SetEndOfFile
GetProcessHeap
GetCommandLineW
EncodePointer
HeapFree
SetLastError
FindFirstFileExA
GetDriveTypeA
ExitThread
GetFileInformationByHandle
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
GetStartupInfoW
DecodePointer

advapi32

InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
CryptAcquireContextA
GetUserNameW
CryptHashData
ConvertSidToStringSidW
CryptDestroyHash
CryptCreateHash
LookupAccountNameW
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
SetSecurityDescriptorDacl

shell32

SHGetFolderPathW
ShellExecuteExW

ole32

CoInitialize
CoInitializeSecurity
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

shlwapi

PathAppendW

Sections

.text
Size: 459KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

074608fd3db67b7de07f19a5066aee65

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

wininet

ws2_32

wldap32

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 459KB - Virtual size: 458KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 52KB - Virtual size: 52KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 459KB - Virtual size: 458KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 52KB - Virtual size: 52KB

.reloc
Size: 29KB - Virtual size: 29KB