0e815c5c7dda16exeexeexeex[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0e815c5c7dda16exeexeexeex.exe
Size

1.7MB
MD5

0e815c5c7dda1631da783e8ac6519497
SHA1

6f11de6569f9ecb4d5f7a69e1e70548b88aba778
SHA256

6fc6ffc9db17548722f8ed7527a01b924f182d6c4e0ab6474c7d337556051b7b
SHA512

5ef8480c45e016113e41ace9a8e2caf575709fd2f919521f34e2e8e18c490fa08633953df495892bfcebedb470585cf9db8749cab5a3d24f71d13c3764cf6420
SSDEEP

24576:e0Ac9L9V4Y0EmZsqjnhMgeiCl7G0nehbGZpbD:Dj4YpEDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e815c5c7dda16exeexeexeex.exe

Files

0e815c5c7dda16exeexeexeex.exe
.exe windows x86

a77a385d2e6398616508ea0586f81cf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsW
InitializeCriticalSection
GetCurrentProcessId
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
CreateFileW
Sleep
SetFilePointer
WriteFile
CloseHandle
OutputDebugStringW
GetCurrentThreadId
QueryPerformanceCounter
OpenProcess
GetFileAttributesExW
GetTempFileNameW
GetLongPathNameW
SearchPathW
FormatMessageW
LocalFree
CreateMutexW
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
ReleaseMutex
UnmapViewOfFile
SetLastError
QueryPerformanceFrequency
CreateDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetEnvironmentVariableW
WideCharToMultiByte
GetPrivateProfileStringW
GetPrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStringA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
GetModuleFileNameW
GetStringTypeW
EncodePointer
DecodePointer
HeapSetInformation
GetStartupInfoW
HeapFree
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
GetModuleHandleW
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
HeapCreate
GetTimeZoneInformation
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
GetLastError
ExitThread
GetProcAddress
LoadLibraryW
FreeLibrary
InterlockedExchange
GetCommandLineW
VerifyVersionInfoW
SetFileAttributesW
CopyFileW
MoveFileExW
GetSystemDirectoryW
DeviceIoControl
GetFileTime
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
ProcessIdToSessionId
GlobalAlloc
LocalAlloc
GetUserDefaultLangID
GetVersionExW
CreateProcessW
GetTempPathW
GetDiskFreeSpaceExW
CreateThread
GetExitCodeThread
GetExitCodeProcess
TerminateThread
CreateEventW
OpenEventW
ResetEvent
SetEvent
GetLocalTime
GetSystemTime
OpenMutexW
GetShortPathNameW
GetFileSizeEx
PeekNamedPipe
TryEnterCriticalSection
WaitForMultipleObjects
CreatePipe
GlobalMemoryStatusEx
OpenFileMappingW
FlushViewOfFile
GetSystemDefaultLCID
GetSystemDefaultUILanguage
DeleteFileW
GetComputerNameExW
GetCurrentDirectoryW
SetCurrentDirectoryW

shlwapi

PathIsFileSpecW
PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

psapi

EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW
EnumProcesses

user32

WaitForInputIdle
GetAsyncKeyState
OpenWindowStationW
CloseWindowStation
GetProcessWindowStation
SetProcessWindowStation
GetThreadDesktop
MsgWaitForMultipleObjectsEx
OpenDesktopW
CloseDesktop
ExitWindowsEx
AllowSetForegroundWindow
PeekMessageW
MsgWaitForMultipleObjects
GetSystemMetrics
SystemParametersInfoW
LoadIconW
DestroyIcon
RegisterWindowMessageW
SetTimer
GetMessageW
SendMessageCallbackW
GetKeyState
SetThreadDesktop

advapi32

RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
GetUserNameW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
CheckTokenMembership
OpenProcessToken
RegQueryValueExW

shell32

ExtractIconW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
CLSIDFromString
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

secur32

GetUserNameExW

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a77a385d2e6398616508ea0586f81cf0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

psapi

user32

advapi32

shell32

ole32

oleaut32

version

secur32

Sections

.text Size: 141KB - Virtual size: 141KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 7KB - Virtual size: 19KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 7KB - Virtual size: 19KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 1.5MB - Virtual size: 1.5MB