b8b4b2bc85ca6560a7df89d2e584ead5

Sharing

Copy URL

Twitter E-mail

General

Target

b8b4b2bc85ca6560a7df89d2e584ead5
Size

10.0MB
MD5

b8b4b2bc85ca6560a7df89d2e584ead5
SHA1

d9f4fad3e843919e5499ea2dcd92f5c8571be531
SHA256

db2cf456c315f11fb6a61529c37cbf3478160c3796fe9a91aadf085b75f8573d
SHA512

6325bd47c01f50713b6ead04d15eeebd449cd4aaa44f72a8cc1bf7734d656d3ee121d1c49ffc4f34d6e123fc7367d8224c72dd708c4614fcca1856f43da5954c
SSDEEP

49152:46lf7dq55555555555555555555555555555555555555555555555555555555h:PlfhO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8b4b2bc85ca6560a7df89d2e584ead5

Files

b8b4b2bc85ca6560a7df89d2e584ead5
.exe windows:5 windows x86 arch:x86

5ec77dadc6af6731ae85d8cdab650620

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\wabopewasi-gozocax budic43-xuwojoralojogu\suhu.pdb

Imports

kernel32

SetFileTime
GetCompressedFileSizeW
EnumTimeFormatsA
GetCommandLineA
GetProcessTimes
SetHandleCount
TlsSetValue
SetFileShortNameW
GetFirmwareEnvironmentVariableA
GetCalendarInfoW
FormatMessageW
GetFileAttributesA
WritePrivateProfileStructW
GetTimeFormatW
FindNextVolumeW
SetTimeZoneInformation
LocalReAlloc
IsBadWritePtr
GetGeoInfoA
CreateActCtxA
GetShortPathNameA
GetConsoleOutputCP
GetFileSizeEx
InterlockedFlushSList
GetCurrentDirectoryW
GetLongPathNameW
GetThreadLocale
IsBadHugeWritePtr
CreateTimerQueueTimer
HeapUnlock
FormatMessageA
EnterCriticalSection
DisableThreadLibraryCalls
DefineDosDeviceA
PrepareTape
GetProcessVersion
GetAtomNameA
LoadLibraryA
OpenMutexA
CreateSemaphoreW
LocalAlloc
GetExitCodeThread
LockResource
AddAtomW
OpenEventA
GetCommMask
OpenJobObjectW
EnumDateFormatsA
lstrcmpiW
GetModuleHandleA
CancelTimerQueueTimer
VirtualProtect
OpenEventW
OutputDebugStringA
SetProcessShutdownParameters
_lopen
CloseHandle
GetVolumeNameForVolumeMountPointW
lstrcpyA
GetPrivateProfileStringW
SetThreadUILanguage
FreeEnvironmentStringsA
GetSystemDefaultLCID
LockFile
SetThreadExecutionState
WriteConsoleInputA
_lwrite
UpdateResourceA
LoadResource
GetFullPathNameW
FindResourceExW
SetEndOfFile
GetDriveTypeW
GetConsoleAliasExesA
CopyFileExW
WritePrivateProfileStructA
lstrlenA
WriteConsoleInputW
HeapCompact
CreateTimerQueue
SetComputerNameA
CreateFileW
ReadConsoleW
ReadFile
WriteConsoleW
OutputDebugStringW
FlushFileBuffers
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
LeaveCriticalSection
DeleteCriticalSection
IsProcessorFeaturePresent
GetLastError
HeapFree
GetCommandLineW
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetProcessHeap
GetCurrentThreadId
HeapSize
GetStdHandle
GetFileType
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
HeapReAlloc
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle

advapi32

RegQueryValueExW
AccessCheckByTypeResultListAndAuditAlarmW
ConvertToAutoInheritPrivateObjectSecurity
RegConnectRegistryA
GetUserNameA
QueryServiceConfigA
ObjectDeleteAuditAlarmA
RegLoadKeyA
RegSaveKeyA
RegOpenKeyExA
GetNumberOfEventLogRecords
EqualSid
RegisterServiceCtrlHandlerA
EnumServicesStatusA
ObjectPrivilegeAuditAlarmA
SetThreadToken
OpenThreadToken
LookupPrivilegeNameW
GetSidIdentifierAuthority
InitiateSystemShutdownA
CreateServiceW

winhttp

WinHttpTimeToSystemTime
WinHttpCloseHandle
WinHttpConnect
WinHttpSetTimeouts
WinHttpCheckPlatform

Sections

.text
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10.4MB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ec77dadc6af6731ae85d8cdab650620

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

winhttp

Sections

.text Size: 285KB - Virtual size: 284KB

.data Size: 8KB - Virtual size: 40KB

.idata Size: 5KB - Virtual size: 8KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 10.4MB - Virtual size: 9KB

.text
Size: 285KB - Virtual size: 284KB

.data
Size: 8KB - Virtual size: 40KB

.idata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 10.4MB - Virtual size: 9KB