213e4dac31023461bf99705827da3447[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

213e4dac31023461bf99705827da3447.exe
Size

317KB
MD5

213e4dac31023461bf99705827da3447
SHA1

633a107c31c53714669cbcf013b7e9f7b99b343b
SHA256

e738064fe074cff62ccd60bb7ec588302f41a6b298e988d8d5183119ec9d2bf6
SHA512

81670d8eb7eaf4a78d8dfb09586c0bda2e0a8f7c52ad5fbd6e59398cbc7f19faf828aa0a0fc5f98723e52f693338d77986c648b0e1a2daaf318476e048092050
SSDEEP

6144:FH5JsLtwNdTNoTMULsshT5iaJZDLq/mdh:LJitwNdT0395ftqo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
213e4dac31023461bf99705827da3447.exe

Files

213e4dac31023461bf99705827da3447.exe
.exe windows x86

956d4bfad20bab24e49b479aaad17e29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
EnumCalendarInfoW
MoveFileExW
InterlockedDecrement
GetEnvironmentStringsW
SetHandleInformation
GetProfileStringW
SetVolumeMountPointW
GetComputerNameW
OpenSemaphoreA
BackupSeek
FreeEnvironmentStringsA
GetModuleHandleW
GenerateConsoleCtrlEvent
GetConsoleAliasesLengthA
GetConsoleAliasExesW
EnumTimeFormatsA
TzSpecificLocalTimeToSystemTime
GetConsoleCP
GlobalAlloc
LoadLibraryW
FatalAppExitW
GetCalendarInfoW
EnumSystemCodePagesA
TerminateProcess
GetStartupInfoW
RaiseException
CreateJobObjectA
GetPrivateProfileIntW
InterlockedExchange
FindFirstFileA
GetNumaProcessorNode
PeekConsoleInputW
OpenMutexA
GetProcessId
LocalAlloc
MoveFileA
BuildCommDCBAndTimeoutsW
GetNumberFormatW
AddAtomW
RemoveDirectoryW
GlobalGetAtomNameW
FindNextFileA
EnumDateFormatsA
GlobalUnWire
GetModuleHandleA
SetLocaleInfoW
EnumResourceNamesA
CreateMailslotA
GetStringTypeW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
GetShortPathNameW
FindAtomW
FindFirstVolumeW
DeleteFileW
AddConsoleAliasA
ReadFile
WriteConsoleW
FlushFileBuffers
GetVolumeNameForVolumeMountPointA
SetDefaultCommConfigA
GetFileSize
GetCommandLineW
GetLastError
InterlockedIncrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
GetProcAddress
ExitProcess
HeapSetInformation
RtlUnwind
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
CloseHandle
FreeEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
SetFilePointer
GetConsoleMode
SetStdHandle
CreateFileW

user32

CharUpperW
LoadMenuW

gdi32

SelectPalette
GetTextFaceW

advapi32

LookupAccountSidW

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 30.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

956d4bfad20bab24e49b479aaad17e29

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 155KB - Virtual size: 154KB

.data Size: 91KB - Virtual size: 30.7MB

.rsrc Size: 70KB - Virtual size: 70KB

.text
Size: 155KB - Virtual size: 154KB

.data
Size: 91KB - Virtual size: 30.7MB

.rsrc
Size: 70KB - Virtual size: 70KB