828d139ccfc3fc1d24a9725afcaac97314850076ab6a8d82ed7899c34c6c3b78

Sharing

Copy URL Twitter E-mail

General

Target

828d139ccfc3fc1d24a9725afcaac97314850076ab6a8d82ed7899c34c6c3b78
Size

510KB
MD5

37752f4fcc3e7a2d3c56a9324c23b27b
SHA1

7964b6249500a18518b57a5ac7fd254c128cd879
SHA256

828d139ccfc3fc1d24a9725afcaac97314850076ab6a8d82ed7899c34c6c3b78
SHA512

88852e9c7f10d5dfbdf0ff433a2375382e8b06a4e48ecc22cf1cfc32e80b13e41e8cf8428027ef0048531f0954a33123fa6365b16780c75b1c68f7a847a937a1
SSDEEP

12288:mFRnBKyNx6KTDXIDy60/V599f8GZPjfqg1DmmTK:1Wx6QIDy9/VdfBjV6mTK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
828d139ccfc3fc1d24a9725afcaac97314850076ab6a8d82ed7899c34c6c3b78

Files

828d139ccfc3fc1d24a9725afcaac97314850076ab6a8d82ed7899c34c6c3b78
.exe windows:5 windows x86 arch:x86

1bc40c7b123a7b0c53b7490c5b1e1df0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\linese\xehom.pdb

Imports

kernel32

AddConsoleAliasW
SetCommBreak
GetTickCount
GetConsoleTitleA
LoadLibraryW
SetComputerNameExW
CreateJobObjectA
GetLastError
SetLastError
GetProcAddress
AttachConsole
VirtualAlloc
MoveFileW
RemoveDirectoryA
LoadLibraryA
InterlockedDecrement
LocalAlloc
FindFirstVolumeMountPointW
SetFileApisToANSI
QueryDosDeviceW
FindNextChangeNotification
GlobalFindAtomW
GetModuleFileNameA
GetModuleHandleA
GetFileAttributesExW
FatalAppExitA
GetCurrentProcessId
MoveFileWithProgressW
DebugBreak
DeleteFileA
WriteConsoleA
SetVolumeLabelA
MultiByteToWideChar
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
Sleep
HeapSize
ExitProcess
EnterCriticalSection
LeaveCriticalSection
HeapFree
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
RaiseException

advapi32

DeleteAce

Sections

.text
Size: 425KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 38.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bc40c7b123a7b0c53b7490c5b1e1df0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 425KB - Virtual size: 424KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 10KB - Virtual size: 38.8MB

.rsrc Size: 63KB - Virtual size: 62KB

.text
Size: 425KB - Virtual size: 424KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 10KB - Virtual size: 38.8MB

.rsrc
Size: 63KB - Virtual size: 62KB