esi_201303_kg_new[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

esi_201303_kg_new.exe
Size

842KB
MD5

cedea949685cdfd045b3eab7961553f1
SHA1

5a53ba542347bf7128c538a94d4f1351db4d214d
SHA256

79be6f91b404d67ffcd5d536307d72cf726ed3b3722707ca4b06eee9e9387574
SHA512

3be27dda40603ca7b120fb32b01ea8f45b230d50e2bc9177025e7c2e040ffcbe0fd3ea7dd03ebe79a1456b6c8dbed7f09e86eaf60d66a466cb3df468c4ce56e9
SSDEEP

24576:86ls9UdokIW+gXI6z7U5f50X7HDInM0V8BKW/:83UdIW+gXI59SrjI9CBh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
esi_201303_kg_new.exe

Files

esi_201303_kg_new.exe
.exe windows:5 windows x86 arch:x86

Password: 1234

7abc3c5a86396bdd5102722ef78071e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleCount
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetActiveWindow

gdi32

ExtTextOutA

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shlwapi

PathFindExtensionA

oleaut32

VariantClear

Sections

4f#qC<Z5
Size: - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

jr P(0fQ
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1]1l5D>O
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lU[V\?&K
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

SLG4FH?H
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

P=K+/@$Y
Size: - Virtual size: 755KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

S8 e_K"Z
Size: 839KB - Virtual size: 839KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

B$OVQc,V
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

7abc3c5a86396bdd5102722ef78071e4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Sections

4f#qC<Z5 Size: - Virtual size: 145KB

jr P(0fQ Size: - Virtual size: 32KB

1]1l5D>O Size: - Virtual size: 23KB

lU[V\?&K Size: - Virtual size: 15KB

SLG4FH?H Size: - Virtual size: 4KB

P=K+/@$Y Size: - Virtual size: 755KB

S8 e_K"Z Size: 839KB - Virtual size: 839KB

B$OVQc,V Size: 2KB - Virtual size: 1KB

4f#qC<Z5
Size: - Virtual size: 145KB

jr P(0fQ
Size: - Virtual size: 32KB

1]1l5D>O
Size: - Virtual size: 23KB

lU[V\?&K
Size: - Virtual size: 15KB

SLG4FH?H
Size: - Virtual size: 4KB

P=K+/@$Y
Size: - Virtual size: 755KB

S8 e_K"Z
Size: 839KB - Virtual size: 839KB

B$OVQc,V
Size: 2KB - Virtual size: 1KB