e0003c1be09153d196d5748141568781

Sharing

Copy URL Twitter E-mail

General

Target

e0003c1be09153d196d5748141568781
Size

52KB
MD5

e0003c1be09153d196d5748141568781
SHA1

be9893efd0c69c99aa3e4feb632b9772d559c830
SHA256

47bc9c5e11e3667f983067dc69425a814a8fe00d365072e979006c5ad6438378
SHA512

557c358e98831af572dac6361005eda8a219d880028d5caf6de50dbe77d68bc1790ac4b86edc61d1373ae73106e84e7e28237384a8a6efd94bface026a2b80ac
SSDEEP

1536:7WnQeru1fQAsgXT3uFhgzm8D+fUQHLe9GEZaWX2fnYJHD3cJ6:7WrrIIAjT+3aND+prEMWXOkD3cJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0003c1be09153d196d5748141568781

Files

e0003c1be09153d196d5748141568781
.exe windows:5 windows x86 arch:x86

ee801e15bac7637037507369de5c9c6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasman

RasGetEapUserInfo
RasGetFramingCapabilities
RasBundleClearStatistics
RasPortDisconnect
RasGetProtocolInfo
RasSendCreds
RasGetTimeSinceLastActivity
RasSetConnectionUserData
RasBundleClearStatisticsEx
RasDestroyConnection
RasGetConnectionUserData
RasActivateRoute
RasRpcRemoteGetSystemDirectory
RasRpcDisconnectServer
RasSetDeviceConfigInfo
RasRpcDisconnect
RasGetNdiswanDriverCaps
RasPortGetBundledPort
RasPortBundle

winmm

timeGetDevCaps
mciGetErrorStringA
auxGetVolume
aux32Message
waveOutPause
waveOutUnprepareHeader
waveOutBreakLoop
CloseDriver
mciGetYieldProc
sndPlaySoundW
joyGetPosEx
waveOutGetErrorTextA
mciGetDeviceIDA
midiInGetID
midiStreamOut
midiOutCacheDrumPatches
waveOutGetNumDevs
mmsystemGetVersion

kernel32

GetTimeZoneInformation
GetCurrentDirectoryW
GetLastError
GetProcessTimes
BackupRead
GetConsoleTitleW
CreateMutexA
BindIoCompletionCallback
GetSystemInfo
GetExpandedNameA
LoadLibraryA
lstrcmpW
GetExitCodeThread
VirtualAlloc
LocalAlloc
MapUserPhysicalPagesScatter
GetSystemTimeAsFileTime
GlobalAddAtomA
OpenFile
SetConsoleDisplayMode
GetFileSizeEx
DuplicateHandle

msvcrt

_controlfp
_dup
_set_sbh_threshold
_wfdopen
_strtoi64
wcschr
_execlpe
wcscoll
_sys_nerr
getwchar
ctime
strncpy
wcstod
__p__tzname
_mbsninc
__doserrno
_outpw
_spawnl
__RTCastToVoid
_mbccpy
localtime
_mbsinc
_mbctokata
?before@type_info@@QBEHABV1@@Z
__threadhandle
__p__wenviron
_lseeki64
_CIasin
_aligned_free
_adj_fdiv_m64
_mbctoupper
_snwscanf
fread
wcslen
_fullpath
fputwc
fsetpos
_ltow
_ismbckata

pdh

PdhMakeCounterPathA
PdhListLogFileHeaderW
PdhTranslateLocaleCounterW
PdhExpandWildCardPathA
PdhLookupPerfIndexByNameW
PdhCollectQueryData
PdhBrowseCountersHA
PdhEnumObjectsA
PdhParseInstanceNameA
PdhEnumObjectItemsA
PdhGetDefaultPerfCounterW
PdhRemoveCounter
PdhGetDefaultPerfObjectA
PdhCollectQueryDataEx
PdhGetDataSourceTimeRangeH
PdhBrowseCountersW
PdhExpandWildCardPathHW
PdhRelogA
PdhEnumObjectItemsW

user32

EndDialog

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee801e15bac7637037507369de5c9c6e

Headers

DLL Characteristics

File Characteristics

Imports

rasman

winmm

kernel32

msvcrt

pdh

user32

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 61KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 61KB

.rsrc
Size: 1KB - Virtual size: 1KB