df0246edf869fb0249ff3c0bf24dfa4469de6ef42da77ae89fcb98d3a7022c7f

Sharing

Copy URL Twitter E-mail

General

Target

df0246edf869fb0249ff3c0bf24dfa4469de6ef42da77ae89fcb98d3a7022c7f
Size

191KB
MD5

cc9f35167c4408b80d9ec3535475e6b1
SHA1

79449ddcc0de3e317ae549e4c2c3ea1536f6c4dd
SHA256

df0246edf869fb0249ff3c0bf24dfa4469de6ef42da77ae89fcb98d3a7022c7f
SHA512

3907546353dc0cf3c1b0f53017512d5649bf3c3294765b59c8292e75810e58dee9f0aeaaac9ce4487fb0a28e7d04c3ef135f470cde17eb12e445fa9eec1e924f
SSDEEP

1536:CaLh/+FEPmGfgn36bJuomQDhjn4VoX9PrY48lYOUZRtHtZp7XM2M:CaLhZjfomjTtTYsOUZRtHZ7XM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df0246edf869fb0249ff3c0bf24dfa4469de6ef42da77ae89fcb98d3a7022c7f

Files

df0246edf869fb0249ff3c0bf24dfa4469de6ef42da77ae89fcb98d3a7022c7f
.exe windows:5 windows x86 arch:x86

7d3591dec37934f268c1de02486eee69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\zoyolumitome54_reyufa17\xocabowex.pdb

Imports

kernel32

GetCurrencyFormatW
GlobalAlloc
Sleep
GetExitCodeProcess
GetFileAttributesW
ReadFile
lstrlenW
IsBadStringPtrA
WritePrivateProfileStringW
SetCommTimeouts
LCMapStringA
FindFirstFileExA
GetLastError
RemoveDirectoryA
OpenWaitableTimerA
GetPrivateProfileSectionA
VirtualProtect
GetCurrentProcessId
FormatMessageA
GetModuleHandleW
CreateHardLinkA
HeapAlloc
GetDriveTypeW
GetLocaleInfoA
FindResourceA
GetNamedPipeHandleStateW
CreateFileA
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
RaiseException
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
GetModuleHandleA
HeapSize
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringW

advapi32

LookupAccountNameA

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d3591dec37934f268c1de02486eee69

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 78KB - Virtual size: 78KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 74KB - Virtual size: 4.5MB

.rsrc Size: 28KB - Virtual size: 28KB

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 74KB - Virtual size: 4.5MB

.rsrc
Size: 28KB - Virtual size: 28KB