Yefw234[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Yefw234.exe
Size

453KB
MD5

b9e46c667f5d1af5a16d5f8b151ea7d8
SHA1

d8238e5143346b6fe4dc141848b0a8775240f5a5
SHA256

37b0f48273318e6b321f859513b2cb482c30edc6553b6173263a4e7dd793cd04
SHA512

f38c645c5671d4cfd3e1f5d54c3cfbb7fcb63d7bd12ca6771fc1c9c12db0a8f2b39cf66a949275ffc90f0316c978e6f9e21735264e6e4dd1598341bcc70344ac
SSDEEP

6144:STtFo3+oXM/sY4txoczE4W/JjQ4FaNFjRD0/YclFF8Be1lRPUi1GP4VVkLg:3VMyXo1n/ZQEkF9DheFGPuqg

Score

1^/10

Malware Config

Signatures

Files

Yefw234.exe
.exe windows x64

f43e3d96694e782e6dec14abf8c80577

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TransactNamedPipe
VirtualAlloc
GetProcAddress
LoadLibraryA
VirtualProtect
lstrlenA
CreateFileA
HeapAlloc
HeapSize
RtlUnwindEx
GetCommandLineA
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetLastError
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
HeapFree
Sleep
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapReAlloc

mpr

WNetAddConnection2A

rpcrt4

UuidToStringA
UuidFromStringA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 416KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f43e3d96694e782e6dec14abf8c80577

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mpr

rpcrt4

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 416KB - Virtual size: 420KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 504B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 416KB - Virtual size: 420KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 504B

.reloc
Size: 2KB - Virtual size: 1KB