ecc8358caf9d365153aca974c22aa7e867d42a24e0e6c62524b21d0f20e403b7

Sharing

Copy URL Twitter E-mail

General

Target

ecc8358caf9d365153aca974c22aa7e867d42a24e0e6c62524b21d0f20e403b7
Size

104KB
MD5

e2f154bcb15fc6ae00b3ae6bfd7d6b47
SHA1

4a6a5fcadf3c54c8e8f13ca800d46b31963c5ca1
SHA256

ecc8358caf9d365153aca974c22aa7e867d42a24e0e6c62524b21d0f20e403b7
SHA512

ee970fedbf56587aece08d9af498efc7ded9a2b2d958a479dfac11d729c7f774176c4e767dab0b2ca4c9b8fc5305a162d3f024dfea59181a7905d7fc983ddf57
SSDEEP

1536:CB1qOZ6Teg/bqDLujkeqQLC1fAnnBvoCfl19q2Bba4SQ1t4H:m1hG/WDLoL0fAnnBvoCfJNaqb4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecc8358caf9d365153aca974c22aa7e867d42a24e0e6c62524b21d0f20e403b7

Files

ecc8358caf9d365153aca974c22aa7e867d42a24e0e6c62524b21d0f20e403b7
.exe windows:4 windows x86 arch:x86

Password: infected

a218106974a7fb92be6e45e5fb4f69c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryW
CopyFileW
GetModuleFileNameW
GetLastError
FindFirstFileW
GetSystemDirectoryW
OpenProcess
CreateRemoteThread
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
GetCurrentProcessId
WriteProcessMemory
VirtualAllocEx
GetExitCodeThread
GetModuleFileNameA
ExitThread
LoadLibraryA
FindNextFileA
lstrcmpA
FindFirstFileA
lstrcpynA
CopyFileA
GetTickCount
lstrcatA
ReadFile
GetFileSize
GetSystemTime
SetFileAttributesA
LockResource
LoadResource
SizeofResource
FindResourceA
FindClose
GetCurrentProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateProcessA
CreateEventA
WinExec
GetDriveTypeA
WritePrivateProfileStringA
GetWindowsDirectoryA
CompareStringA
GetStringTypeW
GetStringTypeA
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
CompareStringW
HeapReAlloc
VirtualAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
SystemTimeToFileTime
CreateFileW
SetFileTime
SetFileAttributesW
Sleep
CreateThread
GetSystemDirectoryA
DeleteFileA
CreateFileA
SetFilePointer
CloseHandle
WriteFile
GetModuleHandleA
lstrlenA
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
HeapFree
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetLocalTime
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFileAttributesA
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
GetVersion
HeapAlloc

user32

KillTimer
PostQuitMessage
SetTimer
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
DispatchMessageA
TranslateMessage
CharUpperA
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
GetParent
GetWindowTextA
wsprintfA
GetKeyNameTextA
GetKeyboardState
ToAscii
GetMessageA

gdi32

GetStockObject

advapi32

RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegSetValueExA
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExA

shell32

ShellExecuteA

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

a218106974a7fb92be6e45e5fb4f69c5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

psapi

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 40KB - Virtual size: 40KB