e01e56820ca15373330136e0ce5f60618db4e21803fc42d6b5d32a8efa3c9443

Sharing

Copy URL Twitter E-mail

General

Target

e01e56820ca15373330136e0ce5f60618db4e21803fc42d6b5d32a8efa3c9443
Size

366KB
MD5

555f1b169b80de0c3583c671cc69d486
SHA1

3930043f28a2b9fc11943230625539f7e234b2b9
SHA256

e01e56820ca15373330136e0ce5f60618db4e21803fc42d6b5d32a8efa3c9443
SHA512

a61ba1635c221d560857eafef900401e8cb4659d76cb7e6f7baa88640da30cfdf224060233780f97717ec2779841c0ab0bb7094979e90c636d723adb943cb9b1
SSDEEP

3072:fSnc7BH4+hQd78BLqO17eZv33No+UacyeXpdBEbF:fSc7Bi8ne1F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e01e56820ca15373330136e0ce5f60618db4e21803fc42d6b5d32a8efa3c9443

Files

e01e56820ca15373330136e0ce5f60618db4e21803fc42d6b5d32a8efa3c9443
.exe windows:5 windows x64

ebd8fb61197ad7d3631f4728bdabb76a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW

advapi32_vista

RegDeleteTreeW

user32

LoadStringW

msvcrt

__set_app_type
_cexit
_fpreset
_initterm
__winitenv
_wcmdln
signal
__lconv_init
__setusermatherr
memset
sprintf
bsearch
strcspn
strchr
strcmp
strcpy
memcpy
memcmp
_wcsnicmp
wcsrchr
wcspbrk
wcsncmp
wcschr
strpbrk
memmove
strlen
iswctype
_wfopen
fread
fclose
exit
realloc
towupper
swprintf
_wcsupr
_wcsicmp
towlower
wcstoul
malloc
free
_errno
_amsg_exit
__wgetmainargs

kernel32

EnterCriticalSection
TlsGetValue
DeleteCriticalSection
LoadLibraryW
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
Sleep
SetUnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
SetLastError
LocalReAlloc
LocalAlloc
GetEnvironmentVariableA
WideCharToMultiByte
WriteConsoleW
GetConsoleOutputCP
MultiByteToWideChar
lstrcmpW
WriteFile
LocalFree
GetLastError
FormatMessageW
CreateFileW
CloseHandle
ReadConsoleW
GetStdHandle
GetModuleHandleW
lstrlenW
lstrcpyW
lstrcmpiW
LeaveCriticalSection
InitializeCriticalSection

ntdll

vDbgPrintExWithPrefix

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebd8fb61197ad7d3631f4728bdabb76a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

advapi32_vista

user32

msvcrt

kernel32

ntdll

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 315KB - Virtual size: 315KB

.reloc Size: 1024B - Virtual size: 536B

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 315KB - Virtual size: 315KB

.reloc
Size: 1024B - Virtual size: 536B