Workstation426b[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Workstation426b.exe
Size

7.7MB
MD5

f9e36eab14a8a107a3f1bb94c0b41c55
SHA1

a410692becec4e1f49adfd1b390397d60ae9209f
SHA256

e81efd345a0c7878e0435451a782c68537f61903a923f7c7081f5c6a5a3bad6b
SHA512

47369e29e70f96ee19347e4872805cab732e4d19370dad120cf4c498e8d20fba563fe01776263fa15e689e523218f9678f2c5a7af128e2967d6c1ae1fc842e87
SSDEEP

196608:77vOaw93gYMkRuchrHnFEGqxXoS1Luxdfu7LYQMzPSY:77DwzMALFEGq+S8dUiPn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Workstation426b.exe

Files

Workstation426b.exe
.exe windows x86

cc000e0a56358759c95f653af1246259

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
RemoveDirectoryA
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetWindowsDirectoryA
MoveFileExA
GlobalFree
GlobalUnlock
GlobalHandle
_lclose
_llseek
_lread
_lopen
GlobalLock
GlobalAlloc
GlobalMemoryStatus
GetVersion
GetModuleFileNameA
WriteFile
GetSystemTime
CreateProcessA
LocalFree
ExitProcess
FormatMessageA
DeleteFileA
GetModuleHandleA
GetVolumeInformationA
FindNextFileA
GetTickCount
WideCharToMultiByte
WaitForSingleObject
GetLongPathNameA
GetTempPathA
GetCommandLineA
CopyFileA
GetFileAttributesA
LoadLibraryExA
GetSystemDirectoryA
SetErrorMode
MultiByteToWideChar
GetLocalTime
lstrlenA
CreateFileW
ReadFile
GetEnvironmentVariableA
GetDriveTypeA
LocalAlloc
DosDateTimeToFileTime
LocalFileTimeToFileTime
GetVersionExA
SetFileTime
CreateDirectoryA
SetCurrentDirectoryA
FindFirstFileA
FindClose
GetLastError
GetProcAddress
FreeLibrary
InterlockedExchange
LoadLibraryA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
HeapReAlloc
GetProcessHeap
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
HeapSize
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetStdHandle
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers

gdi32

CreateDCA
SetBkColor
SetTextColor
SetTextAlign
GetBkColor
GetTextExtentPoint32A
ExtTextOutA
GetDeviceCaps
CreateFontIndirectA
DeleteDC
SelectObject
DeleteObject

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_winzip_
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc000e0a56358759c95f653af1246259

Headers

File Characteristics

Imports

kernel32

gdi32

Sections

.text Size: 84KB - Virtual size: 81KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 58KB

.rsrc Size: 20KB - Virtual size: 16KB

_winzip_ Size: 7.6MB - Virtual size: 7.6MB

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 58KB

.rsrc
Size: 20KB - Virtual size: 16KB

_winzip_
Size: 7.6MB - Virtual size: 7.6MB