f4e1587445f37cef34f1e027e99fd25677973cd1a80ff96bc26cf36c6acb8a30

Sharing

Copy URL Twitter E-mail

General

Target

f4e1587445f37cef34f1e027e99fd25677973cd1a80ff96bc26cf36c6acb8a30
Size

13.7MB
MD5

ae14887972fcc8e1630da963d0664200
SHA1

e118263bccd6a2bd2c0b8fdab0450c0928de081d
SHA256

f4e1587445f37cef34f1e027e99fd25677973cd1a80ff96bc26cf36c6acb8a30
SHA512

0118b1407471389982a5b2f7d4673218669350df61d70f90b508108dcb0ebd0c4eb5ddba88404178aef76e68d253b63fff4841bf04e4ca20b5c51784c2be2b5c
SSDEEP

393216:EdqFseqy0awi1MNAe+SN2l1P6yDw6U45l:EAsXyjuN4weCyh5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4e1587445f37cef34f1e027e99fd25677973cd1a80ff96bc26cf36c6acb8a30

Files

f4e1587445f37cef34f1e027e99fd25677973cd1a80ff96bc26cf36c6acb8a30
.exe windows:5 windows x86

79e056394672006b49946b0154a81ba2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutRestart

ws2_32

gethostname

rasapi32

RasHangUpA

kernel32

GetVersion
GetVersionExA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetScrollPos
CharUpperBuffW

gdi32

RoundRect

winspool.drv

OpenPrinterA

comdlg32

GetOpenFileNameW

advapi32

RegOpenKeyA

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

LHashValOfNameSys

comctl32

ord17

wsock32

shutdown

wininet

InternetCloseHandle

Exports

Exports

e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText

Sections

.text
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.daojia0
Size: - Virtual size: 8.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.daojia1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.daojia2
Size: 13.7MB - Virtual size: 13.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79e056394672006b49946b0154a81ba2

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

wsock32

wininet

Exports

Exports

Sections

.text Size: - Virtual size: 1.4MB

.rdata Size: - Virtual size: 2.1MB

.data Size: - Virtual size: 1.5MB

.daojia0 Size: - Virtual size: 8.6MB

.daojia1 Size: 4KB - Virtual size: 2KB

.daojia2 Size: 13.7MB - Virtual size: 13.7MB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: - Virtual size: 1.4MB

.rdata
Size: - Virtual size: 2.1MB

.data
Size: - Virtual size: 1.5MB

.daojia0
Size: - Virtual size: 8.6MB

.daojia1
Size: 4KB - Virtual size: 2KB

.daojia2
Size: 13.7MB - Virtual size: 13.7MB

.rsrc
Size: 20KB - Virtual size: 19KB