94fab9b1eb2425837ea63b78e86d9ce9f3a7a4efc3f2d90efd59bafeaf6114e2

Sharing

Copy URL

Twitter E-mail

General

Target

94fab9b1eb2425837ea63b78e86d9ce9f3a7a4efc3f2d90efd59bafeaf6114e2
Size

145KB
MD5

752a44c869670faa5039caac2bec5160
SHA1

034c60d5f413b45a044d4eae5090304204a21ed0
SHA256

94fab9b1eb2425837ea63b78e86d9ce9f3a7a4efc3f2d90efd59bafeaf6114e2
SHA512

2df40e73dd98bf0bab0bbf7ab7f34ac2cf3e53857dc270efa7cc17af2f83462c3394713e02ef157505adee9f3120d5e00a3ff4bb29f8cf34c9bdcbba20d47f5d
SSDEEP

1536:73kxPjY2iEwKJRubXMiyT4Rlgk+/zY/W23TWkXH0vIqg1rURSFWO:73gbYJERJRuzMPcRr+LvcT930v8MO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94fab9b1eb2425837ea63b78e86d9ce9f3a7a4efc3f2d90efd59bafeaf6114e2

Files

94fab9b1eb2425837ea63b78e86d9ce9f3a7a4efc3f2d90efd59bafeaf6114e2
.exe windows x86

3d6a186b6711ee69a96fb1e36ed16b23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msys-gcrypt-20

gcry_calloc
gcry_check_version
gcry_control
gcry_create_nonce
gcry_free
gcry_malloc
gcry_malloc_secure
gcry_md_close
gcry_md_hash_buffer
gcry_md_open
gcry_md_read
gcry_md_write
gcry_mpi_get_flag
gcry_mpi_get_opaque
gcry_mpi_set_opaque
gcry_pk_get_curve
gcry_pk_get_keygrip
gcry_realloc
gcry_set_log_handler
gcry_sexp_build
gcry_sexp_canon_len
gcry_sexp_release
gcry_sexp_sscan
gcry_strdup
gcry_xcalloc
gcry_xmalloc
gcry_xrealloc
gcry_xstrdup

msys-gpg-error-0

_gpgrt_get_std_stream
_gpgrt_putc_overflow
gpg_err_code_from_errno
gpg_err_code_from_syserror
gpg_err_init
gpg_err_set_errno
gpg_strerror
gpgrt_fclose
gpgrt_fflush
gpgrt_fileno
gpgrt_flockfile
gpgrt_fopencookie
gpgrt_fprintf
gpgrt_fprintf_unlocked
gpgrt_fputs
gpgrt_fputs_unlocked
gpgrt_funlockfile
gpgrt_read
gpgrt_set_alloc_func
gpgrt_setvbuf
gpgrt_snprintf
gpgrt_vasprintf
gpgrt_vfprintf_unlocked
gpgrt_write

msys-ksba-8

ksba_cert_get_image
ksba_cert_get_issuer
ksba_cert_get_public_key
ksba_cert_get_serial
ksba_cert_get_subject
ksba_cert_new
ksba_cert_read_der
ksba_cert_release
ksba_reader_new
ksba_reader_release
ksba_reader_set_mem
ksba_set_malloc_hooks

msys-2.0

__assert_func
__cxa_atexit
__errno
__getreent
__locale_ctype_ptr
__main
_dll_crt0@0
_fcntl64
_fopen64
_fseeko64
_fstat64
_ftello64
_getpwuid32
_getuid32
_impure_ptr
_lseek64
_open64
_stat64
_tmpfile64
abort
access
atoi
calloc
chdir
chmod
close
connect
cygwin_internal
difftime
dll_dllcrt0
dup
exit
explicit_bzero
fclose
fcntl
fflush
fileno
fopen
fprintf
fputs
fread
free
fseek
fseeko
fstat
fsync
ftello
fwrite
getc
getcwd
getenv
getpid
getpwnam
getpwuid
getrlimit
getsockname
getuid
gmtime
gmtime_r
inet_pton
isatty
kill
link
localtime
lseek
malloc
memcmp
memcpy
memmove
memset
mkdir
mktime
msys_detach_dll
nanosleep
nl_langinfo
open
posix_memalign
printf
putc
putchar
qsort
raise
read
realloc
remove
rename
select
setenv
setrlimit
sigaction
sigemptyset
sigfillset
sigprocmask
sleep
socket
sprintf
stat
stpcpy
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strstr
strtol
strtoul
sys_siglist
time
timegm
tmpfile
toupper
uname
uname_x
unlink
unsetenv
write

msys-gcc_s-1

__divdi3
__moddi3
__udivdi3
__umoddi3

msys-iconv-2

libiconv
libiconv_close
libiconv_open

msys-intl-8

libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_gettext
libintl_setlocale
libintl_textdomain

kernel32

FreeLibrary
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryA

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 872B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d6a186b6711ee69a96fb1e36ed16b23

Headers

DLL Characteristics

File Characteristics

Imports

msys-gcrypt-20

msys-gpg-error-0

msys-ksba-8

msys-2.0

msys-gcc_s-1

msys-iconv-2

msys-intl-8

kernel32

Sections

.text Size: 99KB - Virtual size: 99KB

.data Size: 512B - Virtual size: 384B

.rdata Size: 16KB - Virtual size: 15KB

.buildid Size: 512B - Virtual size: 53B

/4 Size: 20KB - Virtual size: 20KB

.bss Size: - Virtual size: 872B

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 99KB - Virtual size: 99KB

.data
Size: 512B - Virtual size: 384B

.rdata
Size: 16KB - Virtual size: 15KB

.buildid
Size: 512B - Virtual size: 53B

/4
Size: 20KB - Virtual size: 20KB

.bss
Size: - Virtual size: 872B

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB