e0f9f9c66629571b9c6f77d725736095ea20024769850665359f1777935db198

Sharing

Copy URL Twitter E-mail

General

Target

e0f9f9c66629571b9c6f77d725736095ea20024769850665359f1777935db198
Size

1.3MB
MD5

543233241a2ddd6116b042c805336dae
SHA1

69f9066503a3cbccde8f38bc5e56d48ac3837196
SHA256

e0f9f9c66629571b9c6f77d725736095ea20024769850665359f1777935db198
SHA512

8d71dc07f520905736a8f11ba66fb2d2a2004f89002759cc52d77b4ceacce03564fd4a844eb3460399223a7e6a0c4438fe087f9ae56dd82dfef736c90dfc0670
SSDEEP

12288:Pd8R6soj0UL0hlPBDCtDaXmNe4GgoacH8OUvkIYF:nsK0ULil

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0f9f9c66629571b9c6f77d725736095ea20024769850665359f1777935db198

Files

e0f9f9c66629571b9c6f77d725736095ea20024769850665359f1777935db198
.exe windows:5 windows x86

a5b9f06a5d221a862bbcd0a288bf0331

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAssert
RtlIsDosDeviceName_U
vDbgPrintExWithPrefix

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW

kernel32

AddConsoleAliasW
AllocConsole
Beep
CloseHandle
CopyFileExW
CopyFileW
CreateDirectoryW
CreateFileW
CreatePipe
CreateProcessW
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FindClose
FindFirstFileW
FindNextFileW
FindResourceExW
FlushConsoleInputBuffer
FlushFileBuffers
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleAliasW
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleTitleW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
GetVolumeInformationW
GetVolumePathNameW
GlobalMemoryStatus
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockResource
MoveFileExW
MoveFileW
MultiByteToWideChar
QueryPerformanceCounter
ReadConsoleInputW
ReadFile
RemoveDirectoryW
ResumeThread
RtlUnwind
SearchPathW
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetFileApisToOEM
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetLocalTime
SetProcessAffinityMask
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleInputW
WriteConsoleOutputCharacterW
WriteConsoleW
WriteFile
lstrcmpW
lstrcmpiW
lstrlenW

msvcrt

__dllonexit
__lconv_init
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_errno
_fpreset
_getdrive
_initterm
_iob
_itow
_lock
_onexit
_pclose
_snwprintf
_unlock
_vsnprintf
_vsnwprintf
_wchdir
_wcmdln
_wcsdup
_wcsicmp
_wcslwr
_wcsnicmp
_wcsnset
_wcsupr
_wfopen
_wgetdcwd
_wpopen
_wtoi
_wtol
abort
bsearch
calloc
exit
fclose
fgetws
free
fwrite
isalnum
isalpha
iswctype
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
rand
realloc
signal
sprintf
strchr
strcmp
strcpy
strcspn
strncmp
swprintf
towlower
towupper
vfprintf
vswprintf
wcscat
wcschr
wcscmp
wcscpy
wcscspn
wcslen
wcsncat
wcsncmp
wcsncpy
wcspbrk
wcsrchr
wcsspn
wcsstr
wcstok
wcstol
wcstoul

user32

LoadStringW
MessageBeep

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 969KB - Virtual size: 968KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rossym
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5b9f06a5d221a862bbcd0a288bf0331

Headers

File Characteristics

Imports

ntdll

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 143KB - Virtual size: 143KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 17KB - Virtual size: 16KB

.bss Size: - Virtual size: 95KB

.idata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 969KB - Virtual size: 968KB

.rossym Size: 220KB - Virtual size: 219KB

.text
Size: 143KB - Virtual size: 143KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 17KB - Virtual size: 16KB

.bss
Size: - Virtual size: 95KB

.idata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 969KB - Virtual size: 968KB

.rossym
Size: 220KB - Virtual size: 219KB