Static task
static1
Behavioral task
behavioral1
Sample
99da032df6087e2b3bfdda0d1d0fcc9f959b58eec7772e21203fc38348256108.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
99da032df6087e2b3bfdda0d1d0fcc9f959b58eec7772e21203fc38348256108.exe
Resource
win10v2004-20240226-en
General
Target: 99da032df6087e2b3bfdda0d1d0fcc9f959b58eec7772e21203fc38348256108.exe
Size: 307KB
MD5: 728da2d55621743a363dc82020a55ae1
SHA1: c3b89b67a6ee31d3ba54f609ae57ba6b437452e7
SHA256: 99da032df6087e2b3bfdda0d1d0fcc9f959b58eec7772e21203fc38348256108
SHA512: 6d4377b7b67d562f194e0dfb346d1dc6726eb488b064dfedf055d7dc5f3e94650e51b6e91d8792633b4f50e6d39960769cfd4414093ebb7049bc332b8ad58445
SSDEEP: 3072:O7sT4N/iCg6+gcK+EXxsryQo+lcHkLZAlS8hPHLzIDAZJQPwp3/kQpnAG:Pz6JxOyQo8cHyKlRPA02SvkQZJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 99da032df6087e2b3bfdda0d1d0fcc9f959b58eec7772e21203fc38348256108.exe
Files
99da032df6087e2b3bfdda0d1d0fcc9f959b58eec7772e21203fc38348256108.exe.exe windows:5 windows x86 arch:x86
778ccad6990ff49005ab127aaa21897f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InterlockedDecrement
QueryDosDeviceA
CreateDirectoryW
GetFileAttributesExA
GetTickCount
FindNextVolumeMountPointA
ReadConsoleW
GetWindowsDirectoryA
EnumTimeFormatsA
GlobalAlloc
WideCharToMultiByte
GetVolumeInformationA
GlobalFindAtomA
TerminateThread
GetLocaleInfoW
GetSystemPowerStatus
GetConsoleAliasExesLengthW
GetVersionExW
GetConsoleAliasW
WriteConsoleW
GetLocaleInfoA
GetLastError
GetCurrentDirectoryW
GetProcAddress
LoadLibraryA
SetConsoleCtrlHandler
GetNumberFormatW
RemoveDirectoryW
GetModuleHandleA
VirtualProtect
PeekConsoleInputA
GetCurrentProcessId
ReadConsoleOutputCharacterW
CloseHandle
CreateFileW
SetStdHandle
OutputDebugStringW
LoadLibraryExW
CreateFileA
FindResourceA
GetModuleFileNameW
GetEnvironmentVariableW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
HeapFree
HeapAlloc
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
IsDebuggerPresent
GetCurrentThreadId
GetFileType
ReadFile
SetFilePointerEx
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP
IsValidCodePage
GetOEMCP
HeapReAlloc
user32
GetClassInfoW
CharLowerA
GetAltTabInfoA
SetUserObjectSecurity
DrawFrameControl
CharUpperBuffW
gdi32
CreateDCA
advapi32
ReadEventLogA
Sections
.text Size: 62KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 148KB - Virtual size: 41.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ