ce07606e8563977f59981d18a900e619

Sharing

Copy URL Twitter E-mail

General

Target

ce07606e8563977f59981d18a900e619
Size

13.4MB
MD5

ce07606e8563977f59981d18a900e619
SHA1

de3af549cf38b27a2bde97f7e89009a7d2bc14d8
SHA256

23cf8d0072ac48e5ee1bd7e3aa2725327ddcee2dc8bd4f77e70ddb14a8da65da
SHA512

cf2d4241b9f4e377beee507b390a850aa1f98b1910e80b1e70795c42331798341dbe9db23a43975f411f53e0f3c6dafa020607d3231c0b5d8d1d506f6a76a54f
SSDEEP

393216:E00000000000000000000000000000000000000000000000000000000000000r:E000000000000000000000000000000r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce07606e8563977f59981d18a900e619

Files

ce07606e8563977f59981d18a900e619
.exe windows:5 windows x86 arch:x86

7dd77e7157301149249e93a10e393349

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToDosDateTime
EnumResourceNamesW
DosDateTimeToFileTime
SetFilePointer
CopyFileExW
_llseek
SetUnhandledExceptionFilter
ReadConsoleA
InterlockedDecrement
SetConsoleActiveScreenBuffer
SetEnvironmentVariableW
GetNamedPipeHandleStateA
WaitForSingleObject
SetTapeParameters
GetProcessPriorityBoost
LocalFlags
FindNextVolumeMountPointA
GetSystemTimeAsFileTime
GetPriorityClass
GlobalAlloc
SetSystemTimeAdjustment
LeaveCriticalSection
WritePrivateProfileStructW
TerminateProcess
ReadFile
GetBinaryTypeW
lstrlenW
GetNamedPipeHandleStateW
SetCurrentDirectoryA
GetStdHandle
IsDBCSLeadByteEx
GetCurrentDirectoryW
SetLastError
GetProcAddress
GetTapeStatus
CopyFileA
GetConsoleDisplayMode
SetComputerNameA
LoadLibraryA
OpenThread
BuildCommDCBAndTimeoutsW
AddAtomW
BeginUpdateResourceA
PostQueuedCompletionStatus
GetPrivateProfileStructA
SetNamedPipeHandleState
GetOEMCP
GetThreadPriority
CreateMutexA
FreeEnvironmentStringsW
PurgeComm
EnumDateFormatsW
_lopen
OpenSemaphoreW
GetVersionExA
AreFileApisANSI
lstrcpyA
WideCharToMultiByte
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
GetLastError
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetCPInfo
RtlUnwind
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
ExitProcess
WriteFile
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeA
HeapSize
GetACP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle
CreateFileA

winhttp

WinHttpConnect

Exports

Exports

_asdga@4
_enough@4
_hellgate@4
_ssangyong@8
_wedding@4
_welcome@4
_yongfeng@4

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jef
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gecidel
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nidi
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13.2MB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dd77e7157301149249e93a10e393349

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winhttp

Exports

Exports

Sections

.text Size: 143KB - Virtual size: 142KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 7KB - Virtual size: 4.0MB

.jef Size: 1024B - Virtual size: 4KB

.gecidel Size: 1024B - Virtual size: 741B

.nidi Size: 512B - Virtual size: 74B

.rsrc Size: 13.2MB - Virtual size: 6KB

.text
Size: 143KB - Virtual size: 142KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 7KB - Virtual size: 4.0MB

.jef
Size: 1024B - Virtual size: 4KB

.gecidel
Size: 1024B - Virtual size: 741B

.nidi
Size: 512B - Virtual size: 74B

.rsrc
Size: 13.2MB - Virtual size: 6KB