789face6b48b3dfefa2bbb5c8a683bf0_console[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

789face6b48b3dfefa2bbb5c8a683bf0_console.exe
Size

170KB
MD5

789face6b48b3dfefa2bbb5c8a683bf0
SHA1

82e6dce1c088c2398f1f11daea9893bacd4512f1
SHA256

0effce6546c274caeb9611e1e4ec02d2a9eba4922f05ad52958157c573657509
SHA512

0f81751c46eb8f0901a10d80f65c5f56fc135f980f40148674ea4c10c004779a7762408d5876a3173c2048c531185777928764d6179e3fab63fdeaf3536c8e37
SSDEEP

3072:h7GE3jVBsBNytciBqjElDn2If0OMPQ5zTUN:h7GGKDz0Dn2e0OMPgzTs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
789face6b48b3dfefa2bbb5c8a683bf0_console.exe

Files

789face6b48b3dfefa2bbb5c8a683bf0_console.exe
.exe windows:4 windows x86

ec093cda71964d30af54547ece96fcec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupAccountSidA
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetKernelObjectSecurity
GetFileSecurityA
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA
FreeSid
AllocateAndInitializeSid
GetLengthSid
EqualSid
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

kernel32

GetVersion
GetSystemTime
GetLastError
HeapAlloc
GetProcessHeap
ExitProcess
HeapReAlloc
HeapFree
CloseHandle
GetFileInformationByHandle
CreateFileA
GetFullPathNameA
GetFileAttributesA
FindClose
FindFirstFileA
GetCurrentDirectoryA
DeleteFileA
SetFileAttributesA
GetSystemDirectoryA
GetWindowsDirectoryA
ReadFile
CreateDirectoryA
GetVolumeInformationA
SetLastError
SetFileTime
WriteFile
UnhandledExceptionFilter
GetCommandLineA
GetEnvironmentStrings
SetErrorMode
GetCurrentProcessId
MapViewOfFile
SetFileApisToOEM
FormatMessageA
ResetEvent
WaitForSingleObject
CreateEventA
SetConsoleCtrlHandler
GetProcAddress
LoadLibraryA
FreeLibrary
DeviceIoControl
SetFilePointer
GetFileType
SetEndOfFile
FileTimeToDosDateTime
GetStdHandle
SetStdHandle
UnmapViewOfFile
CreateProcessA
CreateFileMappingA
GetProcessTimes
GetExitCodeProcess
WaitForMultipleObjects
FindNextFileA
WideCharToMultiByte
GetTimeZoneInformation
MultiByteToWideChar
DosDateTimeToFileTime
SetTapePosition
WriteTapemark
EraseTape
PrepareTape
GetTapeParameters
SetTapeParameters
VirtualAlloc
Sleep
SetEvent
LockFile
UnlockFile
DuplicateHandle
GetCurrentProcess
GetTickCount
OpenProcess
GetConsoleMode
RtlUnwind

user32

PostMessageA
CharToOemA
MessageBoxA

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ordata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ec093cda71964d30af54547ece96fcec

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 512B - Virtual size: 308B

.data Size: 33KB - Virtual size: 62KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 10KB - Virtual size: 9KB

.ordata Size: 20KB - Virtual size: 20KB

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 512B - Virtual size: 308B

.data
Size: 33KB - Virtual size: 62KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 10KB - Virtual size: 9KB

.ordata
Size: 20KB - Virtual size: 20KB