19b81da90d1e75234ee45eed50319ebd

Sharing

Copy URL Twitter E-mail

General

Target

19b81da90d1e75234ee45eed50319ebd
Size

21KB
MD5

19b81da90d1e75234ee45eed50319ebd
SHA1

358af04850dd1af943cd572b89baf89a0034cd7a
SHA256

23a17ccf5a1e7405f8b5c00cb2e8f7fd742244aee058562bcac9bd23cf94f3a5
SHA512

f6fc9502b3cd2f7232e5cb0734ddc53a87084631ec5d5ad01b084e562554b69682db4aa82f952eb4242842cd9e5ac44902483aa3914a3d8cf1014365c11c7e94
SSDEEP

384:1KGzJd9zTDr7ENqH784IbEhwuHzDd3tM6191htJpVcCTSTV/C71WW/gHOKKOllv3:13LDbNw8d3tM6PtJXWTVK7EGZOllHf

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RunFromProcess-x64.exe
unpack001/RunFromProcess.exe

Files

19b81da90d1e75234ee45eed50319ebd
.zip
RunFromProcess-x64.exe
.exe windows:4 windows x64 arch:x64

e0946da22801e96bc8cfee677bd856db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
_onexit
__dllonexit
strlen
__wgetmainargs
??3@YAXPEAX@Z
_memicmp
wcscat
_exit
free
_wcsicmp
_wcmdln
exit
memcpy
_cexit
wcscpy
_snwprintf
memset
wcschr
_wtoi
wcsrchr
wcslen
__setusermatherr
_commode
_fmode
__set_app_type
_c_exit
_XcptFilter
malloc
__C_specific_handler

kernel32

ResumeThread
WriteProcessMemory
EnumResourceTypesW
CreateRemoteThread
OpenProcess
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
GetStartupInfoW
WaitForSingleObject
GetCurrentProcess
SetErrorMode
FreeLibrary
LoadLibraryW
GetProcAddress
FindResourceW
LoadResource
LoadLibraryExW
CloseHandle
GetWindowsDirectoryW
LockResource
SizeofResource
LocalFree
FormatMessageW
GetVersionExW
GetLastError
GetModuleHandleW
EnumResourceNamesW

user32

MessageBoxW

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RunFromProcess.chm
.chm
RunFromProcess.exe
.exe windows:4 windows x86 arch:x86

b7bcdf7d8ba815a7e80b2a522927ed39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
_onexit
__dllonexit
strlen
_initterm
??3@YAXPAX@Z
malloc
_wcsicmp
_cexit
wcschr
free
memcpy
__wgetmainargs
_wcmdln
exit
_snwprintf
_wtoi
memset
wcscpy
wcsrchr
wcscat
wcslen
__p__fmode
__set_app_type
_controlfp
_except_handler3
_XcptFilter
_exit
_memicmp
_c_exit

kernel32

VirtualFreeEx
WaitForSingleObject
WriteProcessMemory
EnumResourceTypesW
CreateRemoteThread
OpenProcess
GetCurrentProcess
ReadProcessMemory
VirtualAllocEx
GetModuleHandleA
GetStartupInfoW
ResumeThread
SetErrorMode
GetProcAddress
FreeLibrary
LoadLibraryW
GetModuleHandleW
CloseHandle
FindResourceW
GetWindowsDirectoryW
LoadResource
LoadLibraryExW
LockResource
LocalFree
GetLastError
SizeofResource
FormatMessageW
GetVersionExW
EnumResourceNamesW

user32

MessageBoxW

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

e0946da22801e96bc8cfee677bd856db

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 432B

.rsrc Size: 3KB - Virtual size: 2KB

b7bcdf7d8ba815a7e80b2a522927ed39

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 432B

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB