791d48f9e5a43aee8aa1f588ce4b5484

Sharing

Copy URL Twitter E-mail

General

Target

791d48f9e5a43aee8aa1f588ce4b5484
Size

481KB
MD5

791d48f9e5a43aee8aa1f588ce4b5484
SHA1

116709599846baeaa6e7599414b65f7425e7074e
SHA256

22b08ed287cbcc9b76f40d74bbd2cc7a95b590c16a49c150996e462f2b86cf1c
SHA512

89940844552edff58f10bf9d5f0a166622590098947250e2204c0d7445790f16d6ea56cd72da4a29b4d057b3f6d025fac312643c8488c51765ce2caf86dafc19
SSDEEP

6144:KIuQtGUTqWE/3HeeJq4qHJH1yANSxgRDnEcVfUFLHnp97LRcKZhcYG/XxPoyQHff:KIBGUTqVvLJAFS2FVsh22cZBgn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
791d48f9e5a43aee8aa1f588ce4b5484

Files

791d48f9e5a43aee8aa1f588ce4b5484
.exe windows:4 windows x86 arch:x86

725246cdbb9049d92e808940ed9b8b1d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ojpmab\ebweaeee.PDB

Imports

user32

ExcludeUpdateRgn
LoadBitmapA
RegisterClassA
PostThreadMessageA
SendMessageW
OemToCharBuffA
ShowWindow
WINNLSEnableIME
RegisterClassExA
IsMenu
BlockInput
CreateWindowExW
ModifyMenuA
OemKeyScan
CreateWindowExA
HideCaret
TrackMouseEvent
DefDlgProcA
IsWindowUnicode
IsDlgButtonChecked
MessageBoxW
ToUnicodeEx
IsRectEmpty

comctl32

InitCommonControlsEx

shell32

SHGetDiskFreeSpaceA
DuplicateIcon
InternalExtractIconListA

kernel32

GetStartupInfoA
GetTickCount
EnterCriticalSection
GetPrivateProfileSectionNamesW
InterlockedExchange
HeapDestroy
SetLastError
SetHandleCount
GetCurrentProcess
OpenMutexA
GetACP
lstrcmpW
GetOEMCP
LocalShrink
HeapSize
WriteFile
GetLocaleInfoW
WaitForMultipleObjectsEx
GetEnvironmentStrings
FreeEnvironmentStringsW
SetEnvironmentVariableA
WritePrivateProfileSectionA
GetDriveTypeA
FileTimeToLocalFileTime
SetStdHandle
GetCPInfo
LCMapStringW
WideCharToMultiByte
HeapFree
UnhandledExceptionFilter
ContinueDebugEvent
GetUserDefaultLCID
IsValidCodePage
GetFullPathNameW
WriteConsoleOutputAttribute
VirtualFreeEx
TlsFree
GetVersionExA
IsBadWritePtr
GetProcAddress
GetCurrentThreadId
TlsAlloc
SetFilePointer
HeapReAlloc
MultiByteToWideChar
GetCurrentProcessId
GetLocaleInfoA
VirtualQuery
GetDateFormatA
FreeEnvironmentStringsA
TlsSetValue
CompareStringA
RtlUnwind
ExitProcess
SetUnhandledExceptionFilter
VirtualAlloc
DeleteCriticalSection
LCMapStringA
GetModuleHandleA
HeapCreate
GetTimeZoneInformation
LoadLibraryA
GetConsoleTitleA
GetExitCodeThread
GetStdHandle
GetLastError
GetModuleFileNameA
GetSystemTimeAsFileTime
HeapAlloc
GetCurrentThread
FlushFileBuffers
VirtualFree
SetThreadContext
CreateMutexA
ReadFile
VirtualProtect
TlsGetValue
CreateThread
InitializeCriticalSection
GetFileType
GetStringTypeA
CloseHandle
EnumSystemLocalesA
GetEnvironmentStringsW
CompareStringW
TerminateProcess
ReadConsoleA
lstrcmpA
QueryPerformanceCounter
GetTimeFormatA
GetFileSize
LeaveCriticalSection
IsValidLocale
GetStringTypeW
GetCommandLineA
GetSystemInfo
GlobalUnlock

Sections

.text
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

725246cdbb9049d92e808940ed9b8b1d

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

shell32

kernel32

Sections

.text Size: 338KB - Virtual size: 337KB

.rdata Size: 31KB - Virtual size: 50KB

.data Size: 103KB - Virtual size: 102KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 338KB - Virtual size: 337KB

.rdata
Size: 31KB - Virtual size: 50KB

.data
Size: 103KB - Virtual size: 102KB

.rsrc
Size: 8KB - Virtual size: 7KB