e8a091a84dd2ea7ee429135ff48e9f48f7787637ccb79f6c3eb42f34588bc684[.]exe

General

Target

e8a091a84dd2ea7ee429135ff48e9f48f7787637ccb79f6c3eb42f34588bc684.exe
Size

417KB
MD5

c36323390c701eb574c8baa3ac3892a9
SHA1

5dfb0d60f816f8f08c49b3f16b67b20ee5077620
SHA256

e90f9cac4dc50c68e4852fcd8f99d8d115a9eb9655b120e0b94040606cf4e4f9
SHA512

a55fcf640c9a7ddce31ab1ba6d4d354f246fb1327356dfccd252cc0faeb98f4634a2cdcf8f97475ba504bff8d2defd709d802067fb7eb68332b52b1714604afa
SSDEEP

6144:Bh2kBYJZa60l7MAMHHwEta0/b1//KV6/EH5u8R7XIcWus+wGUn5gvZgPgAo/e:TJWJZa6XAIwETJSVsUZxuuGp5KWIAwe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Device/HarddiskVolume3/Users/User1/Desktop/LetsDefend/SOC104 - Malware Detected/e8a091a84dd2ea7ee429135ff48e9f48f7787637ccb79f6c3eb42f34588bc684.exe

Files

e8a091a84dd2ea7ee429135ff48e9f48f7787637ccb79f6c3eb42f34588bc684.exe
.zip

Password: S1P@ssw0rd
Device/HarddiskVolume3/Users/User1/Desktop/LetsDefend/SOC104 - Malware Detected/e8a091a84dd2ea7ee429135ff48e9f48f7787637ccb79f6c3eb42f34588bc684.exe
.exe windows:6 windows x86 arch:x86

Password: S1P@ssw0rd

1f97faaf5d0b752f37d1b1b225d14964

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

GetEnvironmentStringsW
CloseHandle
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcpyA
lstrcatA
GetProcAddress
VirtualAlloc
CreateThread
OutputDebugStringA
ExitProcess
CreateTimerQueueTimer
Sleep
ExitThread
EncodePointer
DecodePointer
RtlUnwind
GetCommandLineA
IsProcessorFeaturePresent
GetLastError
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
HeapFree
HeapAlloc
RaiseException
SetLastError
GetCurrentThreadId
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
LCMapStringW
OutputDebugStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 361KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S1P@ssw0rd

Password: S1P@ssw0rd

1f97faaf5d0b752f37d1b1b225d14964

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 361KB - Virtual size: 368KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 361KB - Virtual size: 368KB

.reloc
Size: 5KB - Virtual size: 4KB