bde85c4672f40023b93ae297f5470b21fe2e106c6fe0ba507b2788db614b799d

Sharing

Copy URL Twitter E-mail

General

Target

bde85c4672f40023b93ae297f5470b21fe2e106c6fe0ba507b2788db614b799d
Size

219KB
MD5

86f8da541a8d3c28ba058b13ab95c085
SHA1

7f787d9f45b4bcd5d3d6ac2e7b2da7cd3d22020e
SHA256

bde85c4672f40023b93ae297f5470b21fe2e106c6fe0ba507b2788db614b799d
SHA512

3653eb613e48eb683c95b22000b82ecc834ec6283b99ad595c5797a51189b0f292de134ad997ec119b7be1d8ff9238808c2c3035b89d028c6b8485c7676507e0
SSDEEP

3072:DWGnXWjDBW2hYkuk8RnjBm1imRHWP5eMDfL+OLvCsZ7au8e9j1m8Lp9:fKDBlYk8RnjB99MW+wCqaBe9Rm8LP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bde85c4672f40023b93ae297f5470b21fe2e106c6fe0ba507b2788db614b799d

Files

bde85c4672f40023b93ae297f5470b21fe2e106c6fe0ba507b2788db614b799d
.exe windows:5 windows x86 arch:x86

8c5db66a31be73b4cefcbea78208a6f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
CreateFileA
SetDefaultCommConfigA
FindFirstFileW
SetLocaleInfoA
WriteConsoleInputW
HeapAlloc
UpdateResourceA
VerSetConditionMask
InterlockedDecrement
GetNamedPipeHandleStateA
OutputDebugStringW
GetNumberFormatA
ReadConsoleW
WriteFile
GetCommandLineA
GlobalAlloc
TerminateThread
GetLocaleInfoW
ReadConsoleInputA
SetConsoleCP
GlobalFlags
CreateActCtxA
FindNextVolumeMountPointW
GetStartupInfoW
CreateJobObjectA
GetCPInfoExW
GetLastError
GetProcAddress
HeapSize
IsValidCodePage
VerLanguageNameW
LoadLibraryA
WriteConsoleA
UnhandledExceptionFilter
OpenWaitableTimerW
GetConsoleScreenBufferInfo
IsWow64Process
BuildCommDCBAndTimeoutsW
GetModuleHandleA
OpenFileMappingW
SetProcessShutdownParameters
LocalSize
GetWindowsDirectoryW
GetProfileSectionW
ExpandEnvironmentStringsW
CloseHandle
WriteConsoleW
SetStdHandle
WideCharToMultiByte
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetACP
GetOEMCP
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileW

user32

CharToOemBuffW
CharUpperW

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mekibor
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c5db66a31be73b4cefcbea78208a6f8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 93KB - Virtual size: 92KB

.data Size: 87KB - Virtual size: 3.6MB

.mekibor Size: 1KB - Virtual size: 1KB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 93KB - Virtual size: 92KB

.data
Size: 87KB - Virtual size: 3.6MB

.mekibor
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 36KB - Virtual size: 36KB