db0a1866ad5206ee606499113f8ccb94cef1087be230cd3751a6dd5fc7782fc0

Sharing

Copy URL Twitter E-mail

General

Target

db0a1866ad5206ee606499113f8ccb94cef1087be230cd3751a6dd5fc7782fc0
Size

3.3MB
MD5

95c38396e5fdebc5365734a0fb75f227
SHA1

df0d828d0e150e5f03bebe2cb93112314c90ebfb
SHA256

db0a1866ad5206ee606499113f8ccb94cef1087be230cd3751a6dd5fc7782fc0
SHA512

bf2242cf4d8ae40ab985ed2e66ce3db4593f66e779b5d83a7dc8181e0fe3027c7b5e3e42a2e15b1980f4116d0416758b3d0a406ef9ab5a437a151173b1de0d17
SSDEEP

98304:Yw78JIAJjdzZjCrXRFQbTgogE18gVjtd34BV:Yw2Dz1CrXgbTgzEGg6n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db0a1866ad5206ee606499113f8ccb94cef1087be230cd3751a6dd5fc7782fc0

Files

db0a1866ad5206ee606499113f8ccb94cef1087be230cd3751a6dd5fc7782fc0
.exe windows:6 windows x86 arch:x86

f6fd34935b2157bd54c9392302f572a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

entitiesmp

?CheckEntityVersion@@YAXXZ

kernel32

WriteFile

user32

ExitWindowsEx

gdi32

BitBlt

advapi32

LookupPrivilegeValueA

msvcp140

_Thrd_id

engine

?RemReference@CEntity@@QAEXXZ

shlwapi

PathRemoveFileSpecW

version

GetFileVersionInfoA

vcruntime140

__std_terminate

api-ms-win-crt-stdio-l1-1-0

_close

api-ms-win-crt-runtime-l1-1-0

_initterm_e

api-ms-win-crt-string-l1-1-0

_strnicmp

api-ms-win-crt-time-l1-1-0

_time32

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-process-l1-1-0

_execv

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-math-l1-1-0

_except1

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-convert-l1-1-0

atoi

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

shell32

SHGetFolderPathW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 2.0MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 141KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6fd34935b2157bd54c9392302f572a2

Headers

DLL Characteristics

File Characteristics

Imports

entitiesmp

kernel32

user32

gdi32

advapi32

msvcp140

engine

shlwapi

version

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-process-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

msvcrt

iphlpapi

psapi

shell32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 8.5MB

.sedata Size: 1.2MB - Virtual size: 1.2MB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 141KB - Virtual size: 144KB

.sedata Size: 4KB - Virtual size: 4KB

.text
Size: 2.0MB - Virtual size: 8.5MB

.sedata
Size: 1.2MB - Virtual size: 1.2MB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 141KB - Virtual size: 144KB

.sedata
Size: 4KB - Virtual size: 4KB