2bf7b6c1c2013a1c6650ae166a69ee045c20cd4926a058d7d402b6e1f28fe324N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bf7b6c1c2013a1c6650ae166a69ee045c20cd4926a058d7d402b6e1f28fe324N
Size

175KB
MD5

21f94fe1c5ab0446e911a62394e5e890
SHA1

ab45464cd12e2a1e28e79a4b73da4b59f18b9e9f
SHA256

2bf7b6c1c2013a1c6650ae166a69ee045c20cd4926a058d7d402b6e1f28fe324
SHA512

b03990ceaa671c7075864ba065022a8d73975494baf408cbad486ec73326ee7cd9d79b5400574fd3e9fbccdf80de89235419ded4e23399aaa2a6650af3ece79f
SSDEEP

3072:/niR2ZSehz9MZD2IRsmbOBwFaaNjiYv5aZ9npyDGzMQcim3sxHgec:/njZSWMZ9soowFaKj/vgZqDeMQdge

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bf7b6c1c2013a1c6650ae166a69ee045c20cd4926a058d7d402b6e1f28fe324N

Files

2bf7b6c1c2013a1c6650ae166a69ee045c20cd4926a058d7d402b6e1f28fe324N
.exe windows:4 windows x86 arch:x86

f2067b750ca6bce04b4e8df63237bcf2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
ReadFile
GetCalendarInfoW
HeapSize
HeapDestroy
VirtualAlloc
HeapCreate
InitializeCriticalSection
RtlUnwind
RaiseException
GetCPInfo
SetFilePointer
EnumResourceNamesA
GetStartupInfoA
FreeEnvironmentStringsA
EnterCriticalSection
HeapReAlloc
GetOEMCP
ExitProcess
VirtualFree
IsValidCodePage
GetACP
SetEndOfFile
LeaveCriticalSection
SetEnvironmentVariableA

ole32

CoGetMalloc
CoTaskMemFree
CoQueryProxyBlanket
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
StringFromGUID2

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

shell32

SHGetFolderPathW

rpcrt4

UuidCreate

user32

SendMessageA
IsWindow
GetDlgItem
DestroyWindow
EnumChildWindows
CreateWindowExW
GetWindowThreadProcessId

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ