eb4943009e1976c9bf5bc6bf4ea44e4e

General

Target

eb4943009e1976c9bf5bc6bf4ea44e4e
Size

326KB
MD5

eb4943009e1976c9bf5bc6bf4ea44e4e
SHA1

85f969317976d0b9848e3719168624eca778467c
SHA256

8e538b14db8de2230c908e7e7d56112675762fa9edacfbc79e165e436df9a02e
SHA512

fe20d1be1680f22c30753e23a710e53c3bdf246141146a29dcecddccdfea482deeac878777532a794193b3645654f51ebf6e22303281424352e624644c37a6ad
SSDEEP

6144:qDzspNih30sJJSGTZN8xLOrbPzg0pIIAH1Gv8LTqcau1VA+6FlMx:qDzspNx4zN8xLO/PHAVOCVAlPA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb4943009e1976c9bf5bc6bf4ea44e4e

Files

eb4943009e1976c9bf5bc6bf4ea44e4e
.dll windows:4 windows x86 arch:x86

5ca321daaef2e27e502e188f4cf7fe59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindNextFileW
FindFirstFileW
CompareFileTime
RaiseException
ReadFile
GetFileSize
CreateEventW
ResetEvent
WriteFile
VirtualFree
OpenFileMappingW
FileTimeToSystemTime
SetErrorMode
GetModuleHandleA
GetThreadLocale
WaitForSingleObject
lstrlenW
GetFileAttributesW
CreateDirectoryW
WideCharToMultiByte
GetLongPathNameW
GetTempFileNameW
SetThreadPriority
GetThreadPriority
InitializeCriticalSectionAndSpinCount
ReleaseMutex
CreateMutexW
OpenMutexW
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
Sleep
DecodePointer
EncodePointer
VirtualAlloc
GetVersion
IsValidLocale
SuspendThread
ReplaceFileA
GetSystemTimes
lstrcatA
CompareStringA
GetConsoleWindow
lstrcmpW
FormatMessageA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
GetCurrentThread
LocalFree
LoadLibraryA

user32

GetWindowThreadProcessId
CloseWindow
GetWindowTextLengthA
ShowWindow
GetAncestor
AdjustWindowRectEx
MsgWaitForMultipleObjects

gdi32

SetLayout

msvcrt

realloc
memmove
towupper
memset
wcschr
malloc

shlwapi

PathFindFileNameW

Exports

Exports

ClauseThis
CountryBuildingInBreachYou
ForAboveAndDespite
MicrosoftBreachesOFAcquiredLimited
MicrosoftLimitedSee
WARRANTIESLimitationMiddleYour
WwwParticularVary

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ca321daaef2e27e502e188f4cf7fe59

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 12KB - Virtual size: 232KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 12KB - Virtual size: 232KB

.reloc
Size: 4KB - Virtual size: 1KB