EtZPtyji[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

EtZPtyji.exe
Size

27.7MB
MD5

5a82e1dde9d6d937394d43e7007c4e20
SHA1

bd1581112a8b8834dd88a212f7fd33eb08e1fc42
SHA256

a13755ee0ec68e6d1dc3af7a4dadf6acf52e8a282c5c873ea491d158488ae7b8
SHA512

e984130fa2608797e87601f97de508af227c3bcd08f97312d8d95709c4e1164cadec46f75371a10d8f5d889fc801aca40f792af5d152fc35f8a676eaeb01ee6b
SSDEEP

786432:GaLbIdX7mEDaH0bt+tJK/qHeksvgxiBHB:GKIdLjDc0AtNHetvFpB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EtZPtyji.exe

Files

EtZPtyji.exe
.exe windows:6 windows x64 arch:x64

d341c38557c419704106fcbade2e4659

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TerminateProcess
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA

advapi32

OpenSCManagerW

ole32

CoInitializeEx

oleaut32

VariantClear

crypt32

CryptUnprotectMemory

winhttp

WinHttpSetStatusCallback

ntdll

RtlVirtualUnwind

version

GetFileVersionInfoSizeW

bcrypt

BCryptDestroyHash

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.%O9
Size: - Virtual size: 16.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xIg
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.4Kz
Size: 27.7MB - Virtual size: 27.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d341c38557c419704106fcbade2e4659

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

crypt32

winhttp

ntdll

version

bcrypt

Sections

.text Size: - Virtual size: 1.0MB

.rdata Size: - Virtual size: 276KB

.data Size: - Virtual size: 85KB

.pdata Size: - Virtual size: 64KB

_RDATA Size: - Virtual size: 500B

.%O9 Size: - Virtual size: 16.8MB

.xIg Size: 3KB - Virtual size: 3KB

.4Kz Size: 27.7MB - Virtual size: 27.7MB

.reloc Size: 512B - Virtual size: 296B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 1.0MB

.rdata
Size: - Virtual size: 276KB

.data
Size: - Virtual size: 85KB

.pdata
Size: - Virtual size: 64KB

_RDATA
Size: - Virtual size: 500B

.%O9
Size: - Virtual size: 16.8MB

.xIg
Size: 3KB - Virtual size: 3KB

.4Kz
Size: 27.7MB - Virtual size: 27.7MB

.reloc
Size: 512B - Virtual size: 296B

.rsrc
Size: 512B - Virtual size: 480B