130047-E980A0E5B08FE4BABA[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

130047-E980A0E5B08FE4BABA.exe
Size

2.2MB
MD5

0b9126e4ca8d182c56f1a0168b49cbe3
SHA1

0ff80061e44e8a30a44b9eaad5aa90ae9399f0e1
SHA256

18472659858602cf99a676b98277dfce6122f0b6d7ec0ad6a8cfa00735d1a15f
SHA512

cb7f3110102e579ea5d4fe863763a02e0e2d729c2adb581ab2cfbabb563a4beb9a43ffb0a17ab3109c8392a6adbfc8e120f87718e22e51f1be772e62dd16e526
SSDEEP

49152:WIA/SB4ntFDbpe5m5a2H06b1Tbl3EDEt7G/X5T5ZWbJQefhH:Xe7DMw5a2jL3noHZWbJQAh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
130047-E980A0E5B08FE4BABA.exe

Files

130047-E980A0E5B08FE4BABA.exe
.exe windows x86

70ba2d67a1fba122ce495756aa41ec0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

comctl32

ImageList_Add

comdlg32

GetOpenFileNameA

gdi32

AngleArc

kernel32

Beep
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

msimg32

AlphaBlend

msvcrt

__getmainargs

oleaut32

SysAllocStringLen

user32

AppendMenuA
CharUpperBuffW

ws2_32

WSAAsyncSelect

wtsapi32

WTSSendMessageW

Exports

Exports

getOnePacket
strcatPacket

Sections

.text
Size: - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 827KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 98B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

70ba2d67a1fba122ce495756aa41ec0a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

msimg32

msvcrt

oleaut32

user32

ws2_32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 227KB

.data Size: - Virtual size: 21KB

.rdata Size: - Virtual size: 14KB

.eh_fram Size: - Virtual size: 4KB

.bss Size: - Virtual size: 827KB

.edata Size: - Virtual size: 98B

.idata Size: - Virtual size: 10KB

.CRT Size: - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.vmp0 Size: - Virtual size: 1.8MB

.vmp1 Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 512B - Virtual size: 324B

.rsrc Size: 72KB - Virtual size: 1.3MB

.text
Size: - Virtual size: 227KB

.data
Size: - Virtual size: 21KB

.rdata
Size: - Virtual size: 14KB

.eh_fram
Size: - Virtual size: 4KB

.bss
Size: - Virtual size: 827KB

.edata
Size: - Virtual size: 98B

.idata
Size: - Virtual size: 10KB

.CRT
Size: - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.vmp0
Size: - Virtual size: 1.8MB

.vmp1
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 512B - Virtual size: 324B

.rsrc
Size: 72KB - Virtual size: 1.3MB