VirtualBox706155176Winexe[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

VirtualBox706155176Winexe.exe
Size

57.2MB
MD5

5abc6b3e05500d963b7b7e9b2b9a42ab
SHA1

bfdaf22429ce41091bf5de531d9d4148ecb84499
SHA256

ddee8017c1f7d572cd4c583d1e233c14d8c40702610afff1e79be79ffa8a7bad
SHA512

705cf4aebc96e46302d24cd5ce6815810a68d63f3a263b7ec118e3b31dd46e81bb383886903e66cbc6cfd6728de03f3636e5be3d0b35bdd7ff4527a9c1280793
SSDEEP

786432:Vu4OmwO+lcXdhyCOvtKX2Ff6Q6iKxh7ecNGyRQcMfVkl4AQflgoIwOcA03VRafCN:IloHyCtX4f1cFecNDgiA13VIfR89CrE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VirtualBox706155176Winexe.exe

Files

VirtualBox706155176Winexe.exe
.exe windows x86

acd196ef0ee923b71d308feb7a3be083

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQueryInformationProcess
NtOpenProcess
NtProtectVirtualMemory
NtSetEvent
NtResetEvent
NtCreateEvent
NtWaitForSingleObject
NtTerminateProcess
RtlFreeUnicodeString
NtQueryDirectoryFile
RtlGetNtProductType
NtOpenDirectoryObject
NtCreateFile
NtQueryDirectoryObject
NtQueryVolumeInformationFile
NtClose
NtQueryInformationFile

kernel32

VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
SystemTimeToFileTime
GetTickCount
GetSystemTime
OutputDebugStringA
GetCommandLineW
TlsSetValue
TlsGetValue
CloseHandle
GetLastError
SetLastError
CreateMutexW
GetCurrentProcess
FindResourceExW
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryExW
LoadResource
LockResource
SizeofResource
LocalFree
FormatMessageW
AllocConsole
FreeConsole
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetStdHandle
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileSize
GetFileType
ReadFile
SetEndOfFile
SetFilePointer
LoadLibraryExA
WriteFile
DeviceIoControl
GetCurrentProcessId
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetConsoleMode
Sleep
GetCurrentThreadId
TerminateProcess
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
GetACP
GetSystemDirectoryW
RaiseException
GetCurrentThread
TlsAlloc

Exports

Exports

nocrt_memchr
nocrt_memcmp
nocrt_memcpy
nocrt_memmove
nocrt_memrchr
nocrt_memset
nocrt_strchr
nocrt_strcmp
nocrt_strcpy
nocrt_strlen
nocrt_strncmp

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105.0MB - Virtual size: 105.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acd196ef0ee923b71d308feb7a3be083

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 148KB

.rdata Size: 183KB - Virtual size: 183KB

.data Size: 3KB - Virtual size: 17KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 105.0MB - Virtual size: 105.0MB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 148KB - Virtual size: 148KB

.rdata
Size: 183KB - Virtual size: 183KB

.data
Size: 3KB - Virtual size: 17KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 105.0MB - Virtual size: 105.0MB

.reloc
Size: 10KB - Virtual size: 10KB