58b4f9c3b39204588a0cf44f1f1eedfe

Sharing

Copy URL

Twitter E-mail

General

Target

58b4f9c3b39204588a0cf44f1f1eedfe
Size

136KB
MD5

58b4f9c3b39204588a0cf44f1f1eedfe
SHA1

5942cd87158e065bb80f4bec48d82576689cfd41
SHA256

c6184072958ef7b511f3699e91d080d44b69bc4fb49bd434f594f6b68e2c3da0
SHA512

a84db14ba9bf717d239163647d9ccdf4eb373175eed5e5efad8081b03b00eb59949df9ae76a8fe19cd9bf8d2d69da406427c2c613636bd0bdac9c26bba3f1594
SSDEEP

1536:UtGSEoCohtL2UvB/fSudBKgZZopkRTQs/gt6wjWq5/Vuyt6m0Rx:UtGSEoCohtLXvB/fSudogTlgFnuytcz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58b4f9c3b39204588a0cf44f1f1eedfe

Files

58b4f9c3b39204588a0cf44f1f1eedfe
.dll windows:4 windows x86 arch:x86

f7351565598f47f633d5aad7b5f8e02d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
InterlockedCompareExchange
VirtualProtect
GetModuleHandleA
UnmapViewOfFile
SetEndOfFile
GetOEMCP
GetACP
GetFileSize
CreateFileMappingA
MapViewOfFile
lstrlenA
SearchPathA
MultiByteToWideChar
GetLongPathNameA
GetEnvironmentVariableA
LoadLibraryA
GetProcAddress
FreeLibrary
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetWindowsDirectoryA
CreateFileA
SetFilePointer
ReadFile
GetSystemDirectoryA
GetModuleFileNameA
Sleep
CreateProcessA
CloseHandle
GetLastError
GetFileAttributesA
RtlUnwind
HeapFree
InterlockedDecrement
InterlockedIncrement
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
ExitProcess
WideCharToMultiByte
LCMapStringA
LCMapStringW
WriteFile
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetStringTypeA
RaiseException

user32

EnumChildWindows
GetClassNameA
CharNextA
SendMessageA
GetWindowTextA
GetParent
FindWindowExA
GetWindowTextLengthA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegCloseKey

ole32

CoInitialize
CoUninitialize
CoCreateInstance

psapi

GetModuleInformation
EnumProcessModules
GetModuleFileNameExA

msi

ord216
ord172

est03003

Est03003000022
Est03003000019

est03013

Est0301300058
Est0301300015
Est0301300048
Est0301300051
Est0301300057
Est0301300047

Exports

Exports

Est0300200000
Est0300200001
Est0300200002
Est0300200003
Est0300200004
Est0300200005
Est0300200006
Est0300200007
Est0300200008
Est0300200009
Est0300200010
Est0300200011
Est0300200012
Est0300200013
Est0300200014
Est0300200015
Est0300200016

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sbwlist
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7351565598f47f633d5aad7b5f8e02d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

psapi

msi

est03003

est03013

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 76KB

.sbwlist Size: 32KB - Virtual size: 29KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 76KB

.sbwlist
Size: 32KB - Virtual size: 29KB

.reloc
Size: 8KB - Virtual size: 5KB