file | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file
Size

188KB
MD5

ce56308a4488dc316f3e00361192e6c6
SHA1

99ff136466841a4c45552be35cb1628c1f805aec
SHA256

96845909bbac1b9dc17b3561090872738015abfce91bc5217c367dc2c1327f20
SHA512

f24734b08018a480ac3b3d02debd11fb7f9e92d6e739a75c46284e3096ae3faf38ab39133fa36b3dfa543033834b2e265ea343662b4fcb6f6405fd4dab520331
SSDEEP

3072:cJCSRLfTwY5ynh7Z635Lxb3SROe0ChJlL+O+IRM58TCJzVB:+CaLMY5mFcLgPj5TOz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file

Files

file
.exe windows:5 windows x86 arch:x86

999e15d9eecf40cb7ae06b8e7363d002

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\fakepete_puzojediselod18_neretej\t.pdb

Imports

kernel32

GetSystemDefaultLCID
GetFileAttributesExA
GetTickCount
GetConsoleTitleA
TlsSetValue
FatalAppExitW
FreeConsole
WriteConsoleW
GetModuleFileNameW
SetComputerNameExW
FindNextVolumeMountPointW
CreateJobObjectA
InterlockedExchange
GetLastError
AddConsoleAliasW
VirtualAlloc
SetVolumeLabelW
RemoveDirectoryA
GetConsoleDisplayMode
LoadLibraryA
OpenMutexA
InterlockedExchangeAdd
LocalAlloc
MoveFileA
GetNumberFormatW
GlobalFindAtomW
EnumResourceTypesW
GetModuleHandleA
VirtualProtect
ReadConsoleOutputCharacterW
DeleteFileA
GetProcAddress
GetLogicalDriveStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
HeapFree
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
CloseHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
RaiseException

gdi32

GetCharABCWidthsFloatA

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 38.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

999e15d9eecf40cb7ae06b8e7363d002

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 19KB - Virtual size: 38.9MB

.rsrc Size: 37KB - Virtual size: 36KB

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 19KB - Virtual size: 38.9MB

.rsrc
Size: 37KB - Virtual size: 36KB