23d657a6013cb4ce37d312f51653742c

Sharing

Copy URL Twitter E-mail

General

Target

23d657a6013cb4ce37d312f51653742c
Size

258KB
MD5

23d657a6013cb4ce37d312f51653742c
SHA1

c88a0317987f70521d03c23bafd4dc5ace5e05e3
SHA256

8d333adb2314cdf288a1ad6a7f69c28a34cbebf82e7d0cfb027eef195370c23d
SHA512

d64d12a64168b85dba363852d249183b9e728aa650a4abd5a9d76b03afe634b293e7ff9ab9f97e9f645ee312a8c7f01e7a25f0c8d489b907cc6c413150ec706e
SSDEEP

6144:5UzFeJUAtmuldnBfYIQvOwTXAND6rZmTOxlR:aeBlJBfYIcXAl4oTe/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23d657a6013cb4ce37d312f51653742c

Files

23d657a6013cb4ce37d312f51653742c
.exe windows:4 windows x86 arch:x86

c3b636f18ad13ecac45ffa1cc498ef78

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetVersionExW
MultiByteToWideChar
Sleep
GetLastError
GetFileAttributesA
GetFileAttributesW
LoadLibraryA
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTime
InitializeCriticalSection
GetTempPathA
GetTempPathW
GetFullPathNameA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
CreateMutexA
GetProcAddress

mapistub

MAPIInitialize
cmc_free
OpenStreamOnFile
MAPISendDocuments
BMAPIReadMail
BMAPIGetReadMail
ScMAPIXFromSMAPI
BMAPISendMail
MAPIOpenFormMgr

samlib

SamEnumerateAliasesInDomain
SamCreateGroupInDomain
SamiSetBootKeyInformation
SamOpenDomain
SamLookupIdsInDomain
SamShutdownSamServer
SamSetInformationUser

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 493KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 91KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 121KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3b636f18ad13ecac45ffa1cc498ef78

Headers

File Characteristics

Imports

kernel32

mapistub

samlib

Sections

.text Size: 4KB - Virtual size: 4KB

.edata Size: 2KB - Virtual size: 493KB

.text Size: 18KB - Virtual size: 20KB

.edata Size: 1024B - Virtual size: 297KB

.rdata Size: 1KB - Virtual size: 5KB

.edata Size: 91KB - Virtual size: 172KB

.edata Size: 512B - Virtual size: 41KB

.data Size: 6KB - Virtual size: 147KB

.edata Size: 4KB - Virtual size: 470KB

.edata Size: 121KB - Virtual size: 206KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 4KB

.edata
Size: 2KB - Virtual size: 493KB

.text
Size: 18KB - Virtual size: 20KB

.edata
Size: 1024B - Virtual size: 297KB

.rdata
Size: 1KB - Virtual size: 5KB

.edata
Size: 91KB - Virtual size: 172KB

.edata
Size: 512B - Virtual size: 41KB

.data
Size: 6KB - Virtual size: 147KB

.edata
Size: 4KB - Virtual size: 470KB

.edata
Size: 121KB - Virtual size: 206KB

.rsrc
Size: 5KB - Virtual size: 4KB