5ec070ee6c9b04bfdb26f7203f1929f92b92780c583b4151e8a2da61b5b96cbe

Sharing

Copy URL Twitter E-mail

General

Target

5ec070ee6c9b04bfdb26f7203f1929f92b92780c583b4151e8a2da61b5b96cbe
Size

162KB
MD5

1825b4e5f4574d2b84a2f9d4f8c08634
SHA1

a4256821be1599e6d859f7281d16f4c76903c38d
SHA256

5ec070ee6c9b04bfdb26f7203f1929f92b92780c583b4151e8a2da61b5b96cbe
SHA512

6757dde3fade9ebc034d7e7071c7711873fc23546113f43f5d998e97e9fb0523d4a75b205c7d24d0031423247625513f9ab1ed4e60b267ca65124aa2bb9518d8
SSDEEP

3072:6jvWuLsdylHCgyiavLlAJY9LMMuZ5PFIJV:6CuAQzyZvLlhlMnD9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ec070ee6c9b04bfdb26f7203f1929f92b92780c583b4151e8a2da61b5b96cbe

Files

5ec070ee6c9b04bfdb26f7203f1929f92b92780c583b4151e8a2da61b5b96cbe
.exe windows:5 windows x86

d607a4f1f8161f0070b747423f49a6e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateSemaphoreA
GetModuleFileNameA
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetModuleHandleA

wsnmp32

ord300
ord201
ord203
ord903
ord105
ord101
ord605
ord601
ord220
ord400
ord501
ord500
ord600
ord301
ord606
ord204
ord205
ord120
ord103
ord902
ord604
ord107
ord302
ord206
ord104
ord603
ord602
ord100
ord202
ord901
ord102
ord320
ord900
ord200
ord222
ord402
ord221
ord106
ord904
ord401
ord504

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d607a4f1f8161f0070b747423f49a6e7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsnmp32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 30KB - Virtual size: 94KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 30KB - Virtual size: 94KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB