e6b62f6c13db4815b6729cadf906d5a64781bc6755a737224519d366746841c4

Sharing

Copy URL Twitter E-mail

General

Target

e6b62f6c13db4815b6729cadf906d5a64781bc6755a737224519d366746841c4
Size

212KB
MD5

0c92b1ae83da4bd52fa168a86c0e3ab8
SHA1

20a4cc60aa6ed9c4c2d017144e9aaf92c35fb552
SHA256

e6b62f6c13db4815b6729cadf906d5a64781bc6755a737224519d366746841c4
SHA512

0a3eca204a077ba23299a3416eff07188fe20dfd370bbebb791498614de4c044b08915677dd23dcb8c789c3b1ffc1f8b693f4b826e5856127c7a396a687d5d78
SSDEEP

3072:tu93pPZTzI/Vjl83K3vB1Pi3bpe065dVfqsXJkv/:W5PZTEtp83K35ANej/tG3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6b62f6c13db4815b6729cadf906d5a64781bc6755a737224519d366746841c4

Files

e6b62f6c13db4815b6729cadf906d5a64781bc6755a737224519d366746841c4
.exe windows:5 windows x64

8d07d628830bc5842daf36f774107f39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetTempPathA
DeleteFileA
GetModuleHandleA
WinExec
Sleep
HeapAlloc
GetLastError
HeapFree
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSetInformation
GetVersion
HeapCreate
EncodePointer
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
CloseHandle
MultiByteToWideChar
ReadFile
GetFileAttributesA
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
CreateFileA
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
HeapSize
LCMapStringW
GetStringTypeW
HeapReAlloc
SetEndOfFile
GetProcessHeap
CreateFileW
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d07d628830bc5842daf36f774107f39

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 129KB - Virtual size: 138KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 129KB - Virtual size: 138KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B