6571435f809e98f66894404d24b224ae

Sharing

Copy URL

Twitter E-mail

General

Target

6571435f809e98f66894404d24b224ae
Size

134KB
MD5

6571435f809e98f66894404d24b224ae
SHA1

6d9f9d5736b15c32ad35a471a9fbc1fac8e2ad9a
SHA256

51ed4f87caa3fc8df8a0e57bc743bb1e9689cdb95733b0cb7e6f778258d534b8
SHA512

0354d939536efe53aa4c5efa40b78e49db6fb25b905d9f3cdd3ff5bf4a688df10aa8a406a43063c71648659d92312d6a5756d15965e10028ad651fc252bee85b
SSDEEP

3072:V5xF41U8pCN05utDHR0Tcgi36l3bYeoOD60PgsxkISyQ6hi:VbW1U8pCyuxH0/oy0zO5x7zA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/eps_clonecd.exe

Files

6571435f809e98f66894404d24b224ae
.zip
eps.nfo
eps_clonecd.exe
.exe windows:5 windows x86 arch:x86

ee9a3a7d7332935ff81b55ae5b9ec96b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

wcslen
strlen
_vsnprintf

shlwapi

StrRStrIW
StrCSpnIW
StrRChrA
StrToIntExA
PathAppendW
StrFormatByteSizeW

shell32

ord688

kernel32

GetFileSize
LoadResource
ClearCommError
GetNamedPipeHandleStateA
GetCommProperties
SetFileTime
WaitNamedPipeW
UnregisterWait
GetThreadPriorityBoost
GetProcessVersion
CreateEventW
OpenEventW
FileTimeToDosDateTime
SetCurrentDirectoryW
CreateHardLinkW
LoadLibraryW
UnmapViewOfFile
SetNamedPipeHandleState
FormatMessageW
SetSystemTimeAdjustment
GetTickCount
WaitForSingleObjectEx
WideCharToMultiByte

user32

PostMessageW
RealGetWindowClassW
SetWindowRgn
DragObject
DestroyIcon
RedrawWindow
LookupIconIdFromDirectoryEx
SetCursorPos
GetAsyncKeyState
FindWindowW
CreateMDIWindowA
CharLowerBuffW
CharPrevExA
GetParent
DialogBoxParamW
IsZoomed
MapDialogRect
InvertRect
RemovePropA
CreateAcceleratorTableW
GrayStringA
SetScrollRange
DrawFocusRect
TranslateMessage
MessageBoxA
GetAncestor
EnumPropsA
GetWindowTextW
PeekMessageW
GetWindowContextHelpId
GetAltTabInfoW
MapWindowPoints
UnregisterHotKey
DispatchMessageW
GetDC
EnumChildWindows
LockWindowUpdate
LoadMenuW

gdi32

SetWorldTransform
SetMapperFlags
SaveDC
StartDocA
RectInRegion
CreateHalftonePalette
GetTextColor
GetStretchBltMode
CreateBitmapIndirect
ScaleViewportExtEx
GetCharacterPlacementA
SetMapMode
GetBoundsRect
AddFontResourceA
GetBitmapBits
GetCharABCWidthsI
GetClipRgn
UpdateColors

advapi32

GetLengthSid
InitializeSid
AreAllAccessesGranted
EqualPrefixSid

Exports

Exports

__EndPaint@12
__GetUpdateRect@12

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ecode
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.memdat
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stadat
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 838B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
file_id.diz

Sharing

General

Malware Config

Signatures

Files

ee9a3a7d7332935ff81b55ae5b9ec96b

Headers

File Characteristics

Imports

ntdll

shlwapi

shell32

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.ecode Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 296B

.memdat Size: 512B - Virtual size: 256B

.stadat Size: 4KB - Virtual size: 3KB

.rsrc Size: 125KB - Virtual size: 125KB

.reloc Size: 1024B - Virtual size: 838B

.text
Size: 2KB - Virtual size: 1KB

.ecode
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 296B

.memdat
Size: 512B - Virtual size: 256B

.stadat
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 125KB - Virtual size: 125KB

.reloc
Size: 1024B - Virtual size: 838B