d213269efc282836125f0aecd86b6fc7

Sharing

Copy URL Twitter E-mail

General

Target

d213269efc282836125f0aecd86b6fc7
Size

259KB
MD5

d213269efc282836125f0aecd86b6fc7
SHA1

9a2105fcd0660ff70b017d6d8e535b6456896e9a
SHA256

56b6ca36e8ae245368bda6ff77b7db076af2bf2dbd12249b856c8fb1ac4cff6f
SHA512

7713f306695958e00ce38c294e4b8ec0408affa4bdfb2380999135ddc1f48c3554f82dae0e5ba2425ea1f7b10bece65e2ea27e673dccdecd26b0778ee95d4dbd
SSDEEP

6144:VJBcZvPwdx7Bs6ywK7bdmt2uX0lwjeubtX4AeAOQkn:VvcZvPixDywChLKewnWGG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d213269efc282836125f0aecd86b6fc7

Files

d213269efc282836125f0aecd86b6fc7
.exe windows:6 windows x86 arch:x86

f08bf95ca7d2a26115117c17bf65cf7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
FreeLibrary
GetModuleHandleExW
GetProcAddress
GetCommandLineA
GetCommandLineW
GetLastError
HeapFree
HeapAlloc
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CompareStringW
LCMapStringW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
DecodePointer
CloseHandle
CreateFileW
WriteConsoleW
RaiseException
RtlUnwind
Sleep
CreateProcessA
GetProcessVersion
FormatMessageA
GetPrivateProfileStringA
SetEndOfFile
GetTimeZoneInformation
WritePrivateProfileStringA

isqlt09a

ord177
ord259
ord189
ord196
ord205
ord208
ord283
ord284
ord4
ord6
ord8
ord10
ord959
ord167
ord16
ord20
ord22
ord28
ord30
ord34
ord36
ord38
ord40
ord42
ord44
ord46
ord48
ord14
ord155
ord154
ord163

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f08bf95ca7d2a26115117c17bf65cf7b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

isqlt09a

Sections

.text Size: 177KB - Virtual size: 177KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 177KB - Virtual size: 177KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 9KB