667e5fd619a7dc1f5625c66bd81a61ebf2013803c9346ab6ada917670b1d47cb

Sharing

Copy URL Twitter E-mail

General

Target

667e5fd619a7dc1f5625c66bd81a61ebf2013803c9346ab6ada917670b1d47cb
Size

37KB
MD5

4f3fc2410ece66337415c5a519d7e72f
SHA1

11bc814894717a9ea2f4210b53a35c96bab1e7f2
SHA256

667e5fd619a7dc1f5625c66bd81a61ebf2013803c9346ab6ada917670b1d47cb
SHA512

faaed678e512b443e3b9d84948e949104c3d7c55d2b06159b7fa8eef57938a7110e50936854239070633f263acdf8f9fc935371a06318ed39bd364b34a55557d
SSDEEP

384:rldbTXkHPYVdYTcRv+he5KPTzggxq8z1sQ1ZyhWodfQwRv9qN6RFocqcvYFYl4Dr:rTXkiYO+he5KL7b8ldfQwR4vdFaV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
667e5fd619a7dc1f5625c66bd81a61ebf2013803c9346ab6ada917670b1d47cb

Files

667e5fd619a7dc1f5625c66bd81a61ebf2013803c9346ab6ada917670b1d47cb
.exe windows:5 windows x64

8b8e4b4d0d5651d3e5085b60df0ca0ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

user32

GetWindowThreadProcessId
EnumWindows
LoadStringW
PostMessageW

msvcrt

_wcmdln
__lconv_init
__winitenv
_initterm
_fpreset
_cexit
__set_app_type
__wgetmainargs
_amsg_exit
__setusermatherr
malloc
memset
sprintf
bsearch
strcspn
strchr
memmove
strlen
strcmp
strcpy
memcpy
memcmp
_wcsicmp
iswctype
_wtoi
exit
signal

kernel32

GetModuleHandleA
QueryPerformanceCounter
Sleep
TlsGetValue
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
LoadLibraryW
SetUnhandledExceptionFilter
GetStartupInfoW
GetProcAddress
SetLastError
LocalReAlloc
LocalFree
LocalAlloc
GetLastError
GetEnvironmentVariableA
WideCharToMultiByte
WriteConsoleW
GetConsoleOutputCP
WriteFile
TerminateProcess
OpenProcess
HeapReAlloc
HeapFree
HeapAlloc
GetStdHandle
GetProcessHeap
GetModuleHandleW
GetCurrentProcessId
FormatMessageW
CloseHandle
GetSystemTimeAsFileTime
GetTickCount
GetCurrentThreadId

ntdll

vDbgPrintExWithPrefix

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b8e4b4d0d5651d3e5085b60df0ca0ee

Headers

DLL Characteristics

File Characteristics

Imports

psapi

user32

msvcrt

kernel32

ntdll

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 612B

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 512B - Virtual size: 252B

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 612B

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 512B - Virtual size: 252B