d593ca61e67e378bad5f67413ab85b76

Sharing

Copy URL Twitter E-mail

General

Target

d593ca61e67e378bad5f67413ab85b76
Size

129KB
MD5

d593ca61e67e378bad5f67413ab85b76
SHA1

597498067dc1d794dee62d0d773d90a1017e66b4
SHA256

dfb5cacde183b7dda3f7a965b0ba054440ffb0c02de96719bb7148a158e4093d
SHA512

d50f5813caeba6066c8d0c2596243168402166c9b2acdc9f8ba818d08c4036b6f3779b521a23b2a841fedf77047ba0669633e53e1e9213700ec3e17c28c6ed40
SSDEEP

1536:UB4N9l40VzhVQdq3YciY4QqV75IsZasqjmrOe+bbR4Yg43:AH0V/WOYcjdq5dZRrOD4Yl3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d593ca61e67e378bad5f67413ab85b76

Files

d593ca61e67e378bad5f67413ab85b76
.exe windows:4 windows x64 arch:x64

f3fca92e6d4f0951ebf9908cba65969c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libwim-15

wimlib_add_image_multisource
wimlib_create_new_wim
wimlib_delete_image
wimlib_export_image
wimlib_extract_image
wimlib_extract_image_from_pipe_with_progress
wimlib_extract_pathlist
wimlib_extract_paths
wimlib_extract_xml_data
wimlib_free
wimlib_get_compression_type_string
wimlib_get_error_string
wimlib_get_image_property
wimlib_get_wim_info
wimlib_global_cleanup
wimlib_global_init
wimlib_image_name_in_use
wimlib_iterate_dir_tree
wimlib_iterate_lookup_table
wimlib_join_with_progress
wimlib_open_wim_with_progress
wimlib_overwrite
wimlib_print_available_images
wimlib_print_header
wimlib_reference_resource_files
wimlib_reference_resources
wimlib_reference_template_image
wimlib_register_progress_function
wimlib_resolve_image
wimlib_set_default_compression_level
wimlib_set_image_property
wimlib_set_output_chunk_size
wimlib_set_output_compression_type
wimlib_set_output_pack_chunk_size
wimlib_set_output_pack_compression_type
wimlib_set_print_errors
wimlib_set_wim_info
wimlib_split
wimlib_update_image
wimlib_verify_wim
wimlib_write
wimlib_write_to_fd

advapi32

ConvertSecurityDescriptorToStringSecurityDescriptorW

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
GetStartupInfoW
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
__dllonexit
__iob_func
__lconv_init
__mb_cur_max
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_errno
_fmode
_fpreset
_gmtime64
_initterm
_lock
_onexit
_putws
_setmode
fwprintf
_unlock
_wcmdln
_wcserror
_wcsicmp
_wfopen
_wgetenv
_wstat64
abort
atexit
calloc
exit
fclose
feof
ferror
fflush
fprintf
fputc
fputwc
fputws
fread
free
fwrite
getenv
iswctype
localeconv
malloc
memcpy
memmove
realloc
signal
strerror
strlen
strncmp
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcsftime
wcslen
wcsncmp
wcsrchr
wcstoul
_wcsdup
_isatty

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f3fca92e6d4f0951ebf9908cba65969c

Headers

File Characteristics

Imports

libwim-15

advapi32

kernel32

msvcrt

Sections

.text Size: 79KB - Virtual size: 78KB

.data Size: 512B - Virtual size: 384B

.rdata Size: 37KB - Virtual size: 37KB

.pdata Size: 2KB - Virtual size: 2KB

.xdata Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 5KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 104B

.text
Size: 79KB - Virtual size: 78KB

.data
Size: 512B - Virtual size: 384B

.rdata
Size: 37KB - Virtual size: 37KB

.pdata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B