Static task: static1
Behavioral task: behavioral1
Sample: be1ec9ac35d8dfa8cdff3d2c04a793ae.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: be1ec9ac35d8dfa8cdff3d2c04a793ae.exe
Resource: win10v2004-20240226-en
General
Target: be1ec9ac35d8dfa8cdff3d2c04a793ae
Size: 14KB
MD5: be1ec9ac35d8dfa8cdff3d2c04a793ae
SHA1: efb91e5ff65a0ec95e3e85864327e038a0984104
SHA256: e0d7a5968821bc233c2d8dab13d0d79494aa7d59293025f32dc6313c4cc848ce
SHA512: 04642b2dbcfd8dbdbe9c478714565bb4bc08b0f2ce5b2d9e224e32f735a246571b8041032d0ddd0df0203f7436ff87cdcf3dc01f58a94b39d9d7e1aeea1bb43b
SSDEEP: 384:n4IKYOmz6mYe9tM5+INzFNgNekMDJn1s4Sf3:n4Il9m8IN/gUJnRSf3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource be1ec9ac35d8dfa8cdff3d2c04a793ae
Files
be1ec9ac35d8dfa8cdff3d2c04a793ae.exe windows:4 windows x86 arch:x86
10d6baa4c6a76d5f4c8570c9866a28af
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42: ord356, ord2770, ord825, ord2781, ord4058, ord3178, ord2915, ord800, ord1980, ord668, ord823
msvcrt: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __p___initenv, exit, _XcptFilter, _exit, wcscmp, swscanf, system, _wsystem, wcscat, printf, _wtoi, time, localtime, strftime, __CxxFrameHandler, sprintf
kernel32: OpenProcess, FreeLibrary, CreateThread, GetCurrentProcessId, GetModuleHandleA, TerminateJobObject, AssignProcessToJobObject, CreateJobObjectA, RemoveDirectoryA, DeleteFileA, GetCurrentProcess, lstrcmpiW, UnmapViewOfFile, GetVersionExA, MapViewOfFile, LocalFree, GetWindowsDirectoryA, CreateDirectoryA, GetEnvironmentVariableA, Sleep, SetConsoleTitleA, SetConsoleTextAttribute, GetWindowsDirectoryW, SetCurrentDirectoryW, GetStdHandle, WinExec, CreateProcessW, GetCurrentDirectoryW, ReadConsoleW, SetCurrentDirectoryA, GlobalMemoryStatus, CloseHandle, GetProcAddress, LoadLibraryA, GetCurrentThreadId, SetFileAttributesA
user32: ExitWindowsEx, MessageBoxA
advapi32: AdjustTokenPrivileges, OpenProcessToken, InitiateSystemShutdownExA, SetSecurityInfo, SetEntriesInAclA, GetSecurityInfo, LookupPrivilegeValueA
psapi: EnumProcessModules, GetModuleBaseNameA, GetProcessImageFileNameA, GetModuleBaseNameW, EnumProcesses
Sections
.wye Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE