a9c3b9e0513cca9fd292b3b0406c67ea

Sharing

Copy URL Twitter E-mail

General

Target

a9c3b9e0513cca9fd292b3b0406c67ea
Size

384KB
MD5

a9c3b9e0513cca9fd292b3b0406c67ea
SHA1

a4269a95089655db0d01028219e6d3e63ad95fee
SHA256

6b5712eac8217ab9fe267748a1404e355c556d14ed068c69079e5d2c1eb8fe2f
SHA512

a88cd380fa7de31ade7e9ca63f58fbe0857280dde3b0acf3b4353e7957b21210a83910369a8f93ba2d06323cf693324be53e893b2f02186a13d291160bdb211b
SSDEEP

6144:jnfuTLhhJHLLdHcQa2E3ozl5BMzbKVUZQYc8zL5V1XBm:78FHrBHc120ozl5BMzbQCNDljBm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9c3b9e0513cca9fd292b3b0406c67ea

Files

a9c3b9e0513cca9fd292b3b0406c67ea
.exe windows:4 windows x86 arch:x86

2b90ba67d1c5a684902b70ebc40484b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\eolis\jssk\eiex

Imports

comdlg32

LoadAlterBitmap
GetFileTitleA

advapi32

RegEnumKeyExW
LookupAccountSidA
GetUserNameA
CreateServiceW
CryptDuplicateHash
StartServiceA
RegOpenKeyA
LookupPrivilegeNameW
CryptGetProvParam
RegConnectRegistryW
StartServiceW
RegSetValueA
RegLoadKeyW
CryptSignHashA
DuplicateTokenEx

user32

CreateWindowExW
CloseWindowStation
WindowFromDC
NotifyWinEvent
DefWindowProcW
DrawCaption
SendIMEMessageExA
BlockInput
EnumWindowStationsW
EnumDesktopWindows
ChildWindowFromPointEx
ChangeClipboardChain
SendDlgItemMessageA
CreateAcceleratorTableA
GetSystemMetrics
CheckMenuRadioItem
OpenDesktopA
DdeQueryStringW
CallWindowProcA
SetCaretPos
IsDialogMessageA
ChangeDisplaySettingsExW
WindowFromPoint
GetTopWindow
IsDlgButtonChecked
TranslateAccelerator
MessageBoxA
KillTimer
ShowWindow
GetMessagePos
EnumDisplaySettingsExA
IsDialogMessage
MapVirtualKeyA
RegisterClassA
GetMenuItemRect
WaitMessage
OemKeyScan
BringWindowToTop
GrayStringA
GetDCEx
CharNextExA
CharToOemW
GetMenuItemCount
DdeReconnect
DrawFocusRect
FlashWindow
GetListBoxInfo
CascadeWindows
RegisterClassExA
FreeDDElParam
EnumChildWindows
MapVirtualKeyW
EnableWindow
CopyAcceleratorTableA
GetAncestor
AnimateWindow
CharToOemA
DestroyWindow
DrawEdge
CopyIcon
GetSystemMenu
MessageBoxW
DrawFrame
RegisterClassW

shell32

FindExecutableA
ExtractIconExW
SHInvokePrinterCommandA

comctl32

InitCommonControlsEx
CreateToolbarEx
ImageList_SetDragCursorImage

gdi32

GetMetaFileBitsEx
PolyTextOutW
GetMetaFileW

kernel32

CreateFileA
EnumSystemLocalesW
GetTickCount
WriteConsoleA
WideCharToMultiByte
SetEvent
IsValidCodePage
GetDiskFreeSpaceExA
GetModuleHandleA
GetConsoleCP
GetStdHandle
GetUserDefaultLCID
SetConsoleCtrlHandler
VirtualFree
OpenFileMappingA
TerminateProcess
SetVolumeLabelW
GetConsoleMode
SetThreadPriority
GetCurrentThreadId
ReadFile
GetLocaleInfoA
GetThreadTimes
CreateSemaphoreA
GetCommandLineW
HeapSize
GetACP
GetStringTypeA
EnumCalendarInfoA
GetExitCodeThread
HeapFree
DosDateTimeToFileTime
GetProcAddress
WriteFile
GetOEMCP
SetUnhandledExceptionFilter
lstrcmpi
IsValidLocale
MoveFileA
GetCurrentProcessId
GetCommandLineA
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
LCMapStringW
SetConsoleWindowInfo
SetConsoleScreenBufferSize
LoadResource
GetCurrencyFormatA
LocalFlags
GetPrivateProfileSectionNamesA
OpenMutexA
GetDateFormatA
HeapReAlloc
GetPrivateProfileStructW
InterlockedIncrement
EnumResourceTypesA
HeapLock
CompareStringA
GetCPInfo
GetFileType
FlushFileBuffers
CreateDirectoryExW
CreateWaitableTimerA
ExitProcess
SetStdHandle
SetFilePointer
IsDebuggerPresent
LocalSize
WritePrivateProfileSectionA
GlobalFix
CompareStringW
GetStartupInfoW
EnumSystemLocalesA
LocalFree
RtlUnwind
GetDiskFreeSpaceA
FreeEnvironmentStringsW
SetHandleCount
FreeLibrary
TlsAlloc
CopyFileA
Sleep
WriteConsoleW
GetEnvironmentStringsW
LoadLibraryA
GetCurrentProcess
MultiByteToWideChar
LocalCompact
GetStringTypeExA
SetLastError
HeapAlloc
InterlockedExchange
MoveFileW
GetModuleFileNameW
LCMapStringA
GetSystemTimeAsFileTime
CloseHandle
GetCurrentDirectoryW
GetStringTypeW
GlobalAddAtomW
CreateMutexA
EnterCriticalSection
VirtualQuery
GetNamedPipeHandleStateA
InterlockedDecrement
SetLocaleInfoA
HeapDestroy
EnumSystemCodePagesA
FileTimeToLocalFileTime
TlsFree
GlobalFindAtomW
GetConsoleOutputCP
QueryPerformanceCounter
GetLastError
TlsSetValue
EnumResourceTypesW
TlsGetValue
GetCurrentThread
GetTimeFormatA
LeaveCriticalSection
GetVersionExW
GetTimeZoneInformation
GetLocaleInfoW
GetStartupInfoA
DeleteAtom
GetMailslotInfo
VirtualAlloc
HeapCreate
DeleteCriticalSection
GetFullPathNameA
GetModuleHandleW
GetModuleFileNameA

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b90ba67d1c5a684902b70ebc40484b5

Headers

File Characteristics

PDB Paths

Imports

comdlg32

advapi32

user32

shell32

comctl32

gdi32

kernel32

Sections

.text Size: 184KB - Virtual size: 180KB

.rdata Size: 80KB - Virtual size: 77KB

.data Size: 96KB - Virtual size: 120KB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 184KB - Virtual size: 180KB

.rdata
Size: 80KB - Virtual size: 77KB

.data
Size: 96KB - Virtual size: 120KB

.rsrc
Size: 20KB - Virtual size: 18KB