5e7e3c453f3ebf197fbddf9c21b15bf0c5b43922f510f0c9a02a567cb4adfae2

Sharing

Copy URL Twitter E-mail

General

Target

5e7e3c453f3ebf197fbddf9c21b15bf0c5b43922f510f0c9a02a567cb4adfae2
Size

190KB
MD5

fd2b09ba88c011bed3cf23df01980db0
SHA1

6a4a1b083259799b344ab4da5c5fc51f1f449bd3
SHA256

5e7e3c453f3ebf197fbddf9c21b15bf0c5b43922f510f0c9a02a567cb4adfae2
SHA512

4b28cfccf192ad3eaaea7eb8da14a81c8ccfd2915e07f8159f1ec9cd11d4869ac9bb4666196684a591c6b50bf18bdde1a2dfc953bce1621fda4790cbd644433c
SSDEEP

3072:wvm5v8ZeUwdWa7s65bH6YkQLvtsaffuMYY5T/:wvIs3wDUGuM3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e7e3c453f3ebf197fbddf9c21b15bf0c5b43922f510f0c9a02a567cb4adfae2

Files

5e7e3c453f3ebf197fbddf9c21b15bf0c5b43922f510f0c9a02a567cb4adfae2
.exe windows:5 windows x64

db5081b7ea1398ff9639c957ed23f42c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ConvertThreadToFiber
GetTimeZoneInformation
VirtualProtect
CreateFiber
SwitchToFiber
CreateFileA
CloseHandle
GetLocaleInfoA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineA
HeapSize
HeapValidate
IsBadReadPtr
RaiseException
RtlPcToFileHeader
RtlUnwindEx
DebugBreak
GetStdHandle
WriteFile
OutputDebugStringA
GetLastError
WriteConsoleW
GetFileType
OutputDebugStringW
GetModuleHandleW
GetProcAddress
ExitProcess
LoadLibraryW
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
GetCurrentThreadId
FlsAlloc
FlsFree
SetLastError
SetHandleCount
GetStartupInfoA
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapAlloc
HeapReAlloc
HeapQueryInformation
HeapFree
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
LoadLibraryA
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

winhttp

WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db5081b7ea1398ff9639c957ed23f42c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winhttp

Sections

.text Size: 135KB - Virtual size: 134KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 6KB - Virtual size: 14KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 135KB - Virtual size: 134KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB