8ebdfc674d5fd8f0e662ab9efb73739cb6ce9805e3dd7520d8ad179bd31c0326

Sharing

Copy URL Twitter E-mail

General

Target

8ebdfc674d5fd8f0e662ab9efb73739cb6ce9805e3dd7520d8ad179bd31c0326
Size

14.4MB
MD5

f6b89ea1d5e341eef5db9b481d2724fc
SHA1

e10d742a60436b3f2502f9fe444dc95f17f06832
SHA256

8ebdfc674d5fd8f0e662ab9efb73739cb6ce9805e3dd7520d8ad179bd31c0326
SHA512

5bf06be026ad8b1243cce4726201e3102abae42a5e501dfe077e8a30ca9af69cb907ea37f4ef5e53a759c17000c0a27d4e430f593be278a868a3b446c10e01d4
SSDEEP

393216:17juIvJ/qTISi5rf38Gu20wiaCj25f9tWWIU8wsJP:xjrJSMSGfJh/ia9KWIU+P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/A5.exe

Files

8ebdfc674d5fd8f0e662ab9efb73739cb6ce9805e3dd7520d8ad179bd31c0326
.zip
A5.exe
.exe windows x64

364aacb03137a12d82bc25c164d21532

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateToolhelp32Snapshot
Process32Next
VirtualAlloc
OpenProcess
CloseHandle
Process32First
CreateFileW
GetProcessHeap
SetEndOfFile
LoadLibraryW
WriteConsoleW
SetStdHandle
CreateFileA
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCommandLineA
GetStartupInfoW
HeapAlloc
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetCPInfo
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
HeapSetInformation
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
InitializeCriticalSectionAndSpinCount
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetStringTypeW
GetLocaleInfoW
FlushFileBuffers
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage

advapi32

GetLengthSid
LookupPrivilegeValueA
SetTokenInformation
OpenProcessToken
AdjustTokenPrivileges

ole32

CoInitializeEx
CoCreateInstance
CoInitializeSecurity

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 30.2MB - Virtual size: 30.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

364aacb03137a12d82bc25c164d21532

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

wininet

Sections

.text Size: 114KB - Virtual size: 113KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 18KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 30.2MB - Virtual size: 30.2MB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 114KB - Virtual size: 113KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 18KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 30.2MB - Virtual size: 30.2MB

.reloc
Size: 8KB - Virtual size: 7KB