b7f0516692dafbdaf2ddee8f3a2c05eb

Sharing

Copy URL Twitter E-mail

General

Target

b7f0516692dafbdaf2ddee8f3a2c05eb
Size

581KB
MD5

b7f0516692dafbdaf2ddee8f3a2c05eb
SHA1

8a6c898b0c960901b3526dda1440129040268990
SHA256

7c3c8cec9c0b84e5661ac607d05e3329998b8502a1d3eb0fd982aac2c3a53547
SHA512

cad60026fabbe5324f73a0f4b5d80175d61fdb10d47784864e321a4eab2759c00ff4673610fe93f08ba62245ab2a8482dadc7fc699fea65d0f962edb9b68d59b
SSDEEP

12288:Yi6CvxKB4LqwuLgNrXmibtEsyKP/PsVSiXzUtMyGepZlOAg:Yi3vxKB4LqwuLgNTmgtt/sRoqy7a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7f0516692dafbdaf2ddee8f3a2c05eb

Files

b7f0516692dafbdaf2ddee8f3a2c05eb
.exe windows:4 windows x86 arch:x86

4a732eb2a0208748242382af6097a707

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\eepebsfobm\evlo\eztle.pdb

Imports

comctl32

InitCommonControlsEx
_TrackMouseEvent
CreateStatusWindowW
GetEffectiveClientRect

wininet

InternetOpenW
FindCloseUrlCache
CreateUrlCacheGroup
InternetTimeFromSystemTimeA
FindNextUrlCacheEntryW
InternetOpenUrlA
GopherCreateLocatorA
ShowClientAuthCerts

comdlg32

PageSetupDlgW
PrintDlgA
ReplaceTextW

user32

CopyAcceleratorTableW
MessageBoxExW
FillRect
DlgDirListA
AppendMenuA
RegisterDeviceNotificationA
DlgDirListComboBoxA
SetSysColors
GetClassWord
SetWindowsHookExA
TabbedTextOutA
EndMenu
AppendMenuW
ShowWindow
SubtractRect
CreateWindowExW
ImpersonateDdeClientWindow
EnumWindowStationsW
GetScrollPos
DefWindowProcA
ShowScrollBar
MessageBoxA
SendDlgItemMessageW
CreateIconIndirect
DestroyWindow
RegisterClassExA
RegisterClassA

kernel32

LeaveCriticalSection
GetVolumeInformationW
GetThreadTimes
ReadFile
ReadConsoleInputA
GetLocaleInfoA
TerminateProcess
UnhandledExceptionFilter
GetTimeFormatA
TlsFree
CreateMutexA
GetWindowsDirectoryA
GetCurrentThreadId
GetStartupInfoA
GetModuleFileNameW
GetCommandLineA
CloseHandle
LCMapStringA
VirtualProtect
SetComputerNameW
ConnectNamedPipe
GetCurrentProcess
FlushFileBuffers
ExitProcess
GetProcessAffinityMask
GetProfileIntA
CreateEventW
GetProcessShutdownParameters
FreeEnvironmentStringsA
TlsAlloc
GetStartupInfoW
GetUserDefaultLCID
GetProfileStringA
GetCurrentProcessId
GetEnvironmentStringsW
GetSystemInfo
GlobalLock
VirtualAlloc
SetEnvironmentVariableA
InterlockedDecrement
FindResourceExW
HeapCreate
GetOEMCP
SetConsoleCursorInfo
MultiByteToWideChar
GetNumberFormatW
GetCommandLineW
GetDateFormatA
VirtualQuery
WriteConsoleOutputCharacterA
IsValidCodePage
IsValidLocale
SetVolumeLabelW
SetStdHandle
OutputDebugStringW
TlsGetValue
GetLastError
SetFilePointer
HeapDestroy
GetLogicalDriveStringsA
GetFileType
LCMapStringW
SetComputerNameA
GetConsoleTitleA
HeapAlloc
SetSystemTime
LoadLibraryW
GetCPInfo
GetCalendarInfoA
InterlockedExchange
GetStdHandle
LocalLock
GetUserDefaultLangID
GetACP
SetThreadIdealProcessor
HeapReAlloc
TlsSetValue
SetConsoleWindowInfo
GetVersionExA
OpenMutexA
HeapSize
SetLastError
GetModuleFileNameA
QueryPerformanceCounter
GetStringTypeA
EnterCriticalSection
GetDiskFreeSpaceExA
FindClose
VirtualFree
FindFirstFileA
EnumSystemLocalesA
WritePrivateProfileStructA
SleepEx
GetDriveTypeA
OpenFile
IsBadWritePtr
GetStringTypeW
WriteFile
EnumTimeFormatsA
FreeEnvironmentStringsW
GetPrivateProfileSectionNamesA
SetHandleCount
DeleteCriticalSection
GetSystemTimeAsFileTime
HeapFree
InitializeCriticalSection
CompareStringW
LoadLibraryA
GetTimeZoneInformation
GetProcAddress
GetModuleHandleA
DeleteFileA
GetCurrencyFormatW
GetCurrentThread
GetLocaleInfoW
WriteProfileSectionW
GlobalFindAtomA
GetEnvironmentStrings
GetFileAttributesW
CompareStringA
GetTickCount
WideCharToMultiByte
RtlUnwind
SetLocaleInfoW
FindFirstFileExA

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a732eb2a0208748242382af6097a707

Headers

File Characteristics

PDB Paths

Imports

comctl32

wininet

comdlg32

user32

kernel32

Sections

.text Size: 175KB - Virtual size: 174KB

.rdata Size: 256KB - Virtual size: 256KB

.data Size: 111KB - Virtual size: 132KB

.rsrc Size: 38KB - Virtual size: 37KB

.text
Size: 175KB - Virtual size: 174KB

.rdata
Size: 256KB - Virtual size: 256KB

.data
Size: 111KB - Virtual size: 132KB

.rsrc
Size: 38KB - Virtual size: 37KB