5411dbeb657ce35a666fef3c53be082111d7b125b12e322ddc1cfaaef5b42a19

Sharing

Copy URL Twitter E-mail

General

Target

5411dbeb657ce35a666fef3c53be082111d7b125b12e322ddc1cfaaef5b42a19
Size

11.9MB
MD5

0db11d4b7b21e745c10667c87c32f20c
SHA1

8b72b2550416b6fa27d0c1650dc95ac27105229e
SHA256

5411dbeb657ce35a666fef3c53be082111d7b125b12e322ddc1cfaaef5b42a19
SHA512

41182d654a3cfad296f6406b588455f199ff772a25828809df7053bdc748f6409a5f21aa4891255ec4803e9f98cc0821a123343519b28faeb6b8435f54bf963a
SSDEEP

12288:3j3eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeH:z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5411dbeb657ce35a666fef3c53be082111d7b125b12e322ddc1cfaaef5b42a19

Files

5411dbeb657ce35a666fef3c53be082111d7b125b12e322ddc1cfaaef5b42a19
.exe windows:5 windows x86

d6fde792c6fd50b1d9fd4a2fc7b48e5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToDosDateTime
EnumResourceNamesW
SetVolumeLabelA
lstrlenA
WritePrivateProfileStructA
GetNumberOfConsoleInputEvents
DeleteVolumeMountPointA
LoadLibraryExW
InterlockedDecrement
GetUserDefaultLCID
OpenSemaphoreA
CallNamedPipeW
_lclose
GetProcessPriorityBoost
CreateNamedPipeW
GetSystemTimeAsFileTime
ReadConsoleW
TlsSetValue
FindResourceExA
Sleep
GetVersionExW
WriteConsoleW
IsDBCSLeadByte
lstrcatA
SetThreadPriority
GlobalUnlock
DisconnectNamedPipe
DeactivateActCtx
CreateJobObjectA
SetCurrentDirectoryA
GetLastError
GetProcAddress
GetTapeStatus
WriteProfileSectionA
ReadFileEx
EnterCriticalSection
_hwrite
SetFileApisToOEM
GetLocalTime
LoadLibraryA
LocalAlloc
BeginUpdateResourceA
GetTapeParameters
WaitForMultipleObjects
GetPrivateProfileSectionNamesA
EnumDateFormatsA
GetModuleHandleA
GetCommTimeouts
FreeEnvironmentStringsW
LocalSize
lstrcpyA
GetCommandLineA
GetStartupInfoA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
HeapSize
ExitProcess
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
VirtualAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
RaiseException

user32

GetCursorPos

Exports

Exports

_geek@8
_gekelberifin@8

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.8MB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6fde792c6fd50b1d9fd4a2fc7b48e5a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 11.4MB

.rsrc Size: 11.8MB - Virtual size: 15KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 11.4MB

.rsrc
Size: 11.8MB - Virtual size: 15KB