32d3638794ae9330bc15c097eca82eed247c406c0167f07d3a2eda25781c467d

Sharing

Copy URL

Twitter E-mail

General

Target

32d3638794ae9330bc15c097eca82eed247c406c0167f07d3a2eda25781c467d
Size

233KB
MD5

7e0d3e9df670735fddff76b348522603
SHA1

7df4c1d1d194c786ab1b43e27dcbbbfdb28ff98b
SHA256

32d3638794ae9330bc15c097eca82eed247c406c0167f07d3a2eda25781c467d
SHA512

f9a3b7728428cf433d7c4fe046645a08485e22e1be396f1a8e2e552f777cbaa86a746fa5786bbc39509b5f49169bbdb39388b19599cea07ae2a11bc8a246c588
SSDEEP

3072:kY6AS4mA03XTyhHl6DcmJqcfFhW4i6NipK6s3lSyz5hhCZSk:k513DyFl6DcqWH6NipIhJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
32d3638794ae9330bc15c097eca82eed247c406c0167f07d3a2eda25781c467d

Files

32d3638794ae9330bc15c097eca82eed247c406c0167f07d3a2eda25781c467d
.exe windows:5 windows x86 arch:x86

29117dfd3249232fe2e97e0fc7c45523

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\wupebeg\turebo_muje\keka9\subotigupifahi\si.pdb

Imports

kernel32

WriteConsoleInputA
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetNumberFormatA
GetConsoleTitleA
ReadConsoleW
EnumTimeFormatsA
GlobalAlloc
GetVolumeInformationA
LoadLibraryW
GetThreadSelectorEntry
GetConsoleAliasExesLengthW
GetVersionExW
WriteConsoleW
FindNextVolumeMountPointW
CreateDirectoryA
GetLastError
GetCurrentDirectoryW
SetLastError
InterlockedDecrement
VirtualAlloc
LoadLibraryA
InterlockedExchangeAdd
RemoveDirectoryW
GlobalFindAtomW
GetModuleFileNameA
GetFileAttributesExW
SetCalendarInfoA
DuplicateHandle
ReadConsoleInputW
GetWindowsDirectoryW
GetCurrentProcessId
LCMapStringW
LCMapStringA
GetLocaleInfoA
FindResourceW
GetProcAddress
CreateFileA
GetStringTypeW
GetStringTypeA
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapFree
RaiseException
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
VirtualFree
HeapReAlloc
HeapCreate
GetModuleHandleW
Sleep
ExitProcess
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleA
SetFilePointer
InitializeCriticalSectionAndSpinCount
RtlUnwind
WriteConsoleA
GetConsoleOutputCP
MultiByteToWideChar
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
CloseHandle

user32

UnregisterClassA
GetAltTabInfoW
LoadKeyboardLayoutA
CharUpperBuffW

gdi32

StretchDIBits

advapi32

ReadEventLogA

shell32

FindExecutableA

ole32

StringFromIID

winhttp

WinHttpCheckPlatform

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 22.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29117dfd3249232fe2e97e0fc7c45523

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

winhttp

Sections

.text Size: 147KB - Virtual size: 147KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 39KB - Virtual size: 22.0MB

.rsrc Size: 32KB - Virtual size: 31KB

.text
Size: 147KB - Virtual size: 147KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 39KB - Virtual size: 22.0MB

.rsrc
Size: 32KB - Virtual size: 31KB