Static task
static1
Behavioral task
behavioral1
Sample
e31a72f7711c9eacda36841656f29a2a7cefcefe7975bfbe23205ca1cbc510da.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
e31a72f7711c9eacda36841656f29a2a7cefcefe7975bfbe23205ca1cbc510da.exe
Resource
win10v2004-20231020-en
General
-
Target
e31a72f7711c9eacda36841656f29a2a7cefcefe7975bfbe23205ca1cbc510da
-
Size
431KB
-
MD5
e1342e8d5be22efd3112c8f45301f538
-
SHA1
b111746fd862d0b1613fcb0bf2e224d1e064cc1e
-
SHA256
e31a72f7711c9eacda36841656f29a2a7cefcefe7975bfbe23205ca1cbc510da
-
SHA512
cafc4484e04da3e084d23d35d069a051823dc06200fb3646def5acb15c68c109f78f231e248a2c108664bd15db3cc9c3e9e8383690a0b54850542823fedb5f11
-
SSDEEP
3072:/Azbfvfwff5fKffWffjfqfMAfxf0cSsfPmff/fqfcxf/ffzffIfMCfrfpuflffll:/7bzdXYadIVnewWC9SP4dYMw
Malware Config
Signatures
-
Unsigned PE 1 IoCs
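Checks for a missing Authenticode signature. The sample was flagged as unsigned, so its publisher and integrity cannot be verified from the file itself; on its own this is a weak indicator, since many legitimate binaries are also unsigned.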
resource e31a72f7711c9eacda36841656f29a2a7cefcefe7975bfbe23205ca1cbc510da
Files
-
e31a72f7711c9eacda36841656f29a2a7cefcefe7975bfbe23205ca1cbc510da.exe windows:4 windows x86 arch:x86
084a5ed211ab6a6d4944e98c48b414d5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comn
GetObjSockHlp
GetObjectLog
kernel32
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
InterlockedExchange
GetCurrentProcess
CreateMutexW
CloseHandle
HeapFree
InterlockedCompareExchange
GetProcessHeap
GetLastError
HeapAlloc
WaitForSingleObject
ReleaseMutex
TerminateProcess
user32
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
DestroyWindow
UpdateWindow
ShowWindow
FindWindowW
SendMessageW
LoadStringW
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
advapi32
SetSecurityDescriptorDacl
FreeSid
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
AddAccessAllowedAce
msvcr80
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_onexit
_beginthread
strrchr
sprintf
_wcsnicmp
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
memset
wtsapi32
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
Sections
.text Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 392KB - Virtual size: 392KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE