de1b66785d63ae89163a7559f051d9a5

Sharing

Copy URL

Twitter E-mail

General

Target

de1b66785d63ae89163a7559f051d9a5
Size

318KB
MD5

de1b66785d63ae89163a7559f051d9a5
SHA1

9618a45e2da30f7a3e741d135645aebf6634601c
SHA256

484cbd14adece9e67248ceab63fc2bc3cd0461209ac55260e9a812cc018e54df
SHA512

95075dc4f3adca32b844798f941d3fe2934ba926f23567ba04359f1aea06aabc2f028ab92c34bc71841000951fa671351d7e1d7336afc935f176c300624062d6
SSDEEP

6144:VpbEdkRDd7/eCo0rqz8AGEM2RclIZT7H0T5yke:VpbEy91/rydG14PH0ty

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de1b66785d63ae89163a7559f051d9a5

Files

de1b66785d63ae89163a7559f051d9a5
.exe windows:4 windows x86 arch:x86

390c29510cea3e3a47735d1f505f2af5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\deuneoewj\cgbts\duodtaxbzx\yinzteeps\heo.PDB

Imports

kernel32

EnumResourceLanguagesW
GetSystemInfo
GetCurrentThreadId
GetTickCount
RtlUnwind
GetProfileIntA
UnhandledExceptionFilter
VirtualFree
GetCurrentProcess
LoadLibraryA
IsBadWritePtr
HeapAlloc
FreeEnvironmentStringsW
GetCurrentProcessId
lstrcmpA
VirtualProtect
EnterCriticalSection
GetCurrentThread
TlsAlloc
UnlockFile
IsValidLocale
GlobalCompact
EnumSystemLocalesA
GetCommandLineA
DebugBreak
FreeEnvironmentStringsA
CreateMutexA
HeapFree
SetFilePointer
TerminateProcess
GetProcAddress
InterlockedExchange
SetEnvironmentVariableA
CloseHandle
SetConsoleCP
VirtualQuery
CompareStringW
IsValidCodePage
GetStringTypeW
HeapCreate
SetStdHandle
HeapDestroy
GetOEMCP
GetStdHandle
GetStringTypeA
SetHandleCount
TlsSetValue
InitializeCriticalSection
LCMapStringA
GetModuleHandleA
GetEnvironmentStrings
SetEvent
CommConfigDialogA
GetACP
HeapSize
GetTimeZoneInformation
DeleteCriticalSection
GetSystemTimeAdjustment
SetLastError
WideCharToMultiByte
OpenMutexA
GetTimeFormatA
lstrcpyW
GetFileType
HeapReAlloc
GetUserDefaultLCID
GetThreadTimes
GetLocaleInfoA
GetVersionExA
TlsFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringW
GetModuleFileNameA
GetLastError
TlsGetValue
CompareStringA
GetLocaleInfoW
GetEnvironmentStringsW
GetCPInfo
ExitProcess
GetStringTypeExA
GetVersionExW
GetDateFormatA
VirtualAlloc
GlobalGetAtomNameW
ReadFile
LeaveCriticalSection
SetConsoleTextAttribute
SetConsoleCursorPosition
MultiByteToWideChar
GetStartupInfoA
FlushFileBuffers
WriteFile

comdlg32

PrintDlgA
ChooseFontW
GetSaveFileNameW

advapi32

RegOpenKeyW
LookupPrivilegeDisplayNameW
DuplicateTokenEx
CryptSetProvParam
RegRestoreKeyA
CryptEnumProviderTypesW
CryptSignHashA
CryptDestroyHash
RegOpenKeyA
RegSetValueExA
CryptSetKeyParam

gdi32

FillPath
SetPixelV
CreateICA
GetRgnBox
SetWinMetaFileBits

user32

IsCharAlphaW
LoadKeyboardLayoutA
RegisterClassExA
GetFocus
CharToOemBuffA
OemToCharBuffA
CharUpperW
wsprintfA
EnumPropsW
IsCharUpperA
GetShellWindow
GetWindowContextHelpId
GetIconInfo
EnumDisplaySettingsW
GetParent
IsCharAlphaA
GetCursorInfo
EndMenu
RegisterClassA
DdeUninitialize
WaitForInputIdle
GetDCEx
SubtractRect

comctl32

CreateStatusWindow
ImageList_AddIcon
CreateStatusWindowW
ImageList_DrawEx
ImageList_Write
ImageList_SetImageCount
ImageList_AddMasked
DrawStatusTextA
InitCommonControlsEx
ImageList_DragEnter
CreatePropertySheetPageA
ImageList_Read
CreateUpDownControl
CreateToolbarEx
ImageList_SetIconSize
ImageList_GetIcon
ImageList_GetDragImage
CreatePropertySheetPage
ImageList_GetFlags
DrawStatusText

shell32

SHUpdateRecycleBinIcon
SHGetSpecialFolderPathA
RealShellExecuteExA
SheChangeDirA
ShellHookProc

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

390c29510cea3e3a47735d1f505f2af5

Headers

File Characteristics

PDB Paths

Imports

kernel32

comdlg32

advapi32

gdi32

user32

comctl32

shell32

Sections

.text Size: 175KB - Virtual size: 175KB

.rdata Size: 26KB - Virtual size: 30KB

.data Size: 85KB - Virtual size: 85KB

.rsrc Size: 30KB - Virtual size: 30KB

.text
Size: 175KB - Virtual size: 175KB

.rdata
Size: 26KB - Virtual size: 30KB

.data
Size: 85KB - Virtual size: 85KB

.rsrc
Size: 30KB - Virtual size: 30KB