e0765bff77ddd5bcdbae6efb3dd4ed59

Sharing

Copy URL Twitter E-mail

General

Target

e0765bff77ddd5bcdbae6efb3dd4ed59
Size

275KB
MD5

e0765bff77ddd5bcdbae6efb3dd4ed59
SHA1

9b98e7e3a631caf48a4e830bcad112c4f53fce0e
SHA256

6b46a7ddc0ff1bdf49ab0ee03dcb760696370c7ed64a0fce7295260c1c9c4b10
SHA512

ba6a101348bc533a785ad9c707cae317be71390cd0c92b56223019ecb62f113333b546b44e313c566395e3df2d95ed2ddd51341d393010fef033d144070cc4be
SSDEEP

6144:Q2J9n/ekxcnYvkGc9plVQYsvkk2EOqpJjSsTS:Q2JUcX8LvVQY8kk2EO+d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0765bff77ddd5bcdbae6efb3dd4ed59

Files

e0765bff77ddd5bcdbae6efb3dd4ed59
.exe windows:4 windows x86 arch:x86

2c59df6083165220959cf80ab831c667

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
CharPrevExA
CharUpperBuffW
CharNextExA

advapi32

AddAccessDeniedAce
SetThreadToken
AddAccessAllowedAce
DeregisterEventSource
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterTraceGuidsA
RegCreateKeyExW
FreeSid
RegQueryValueExW
InitializeSecurityDescriptor
GetLengthSid
OpenSCManagerW
OpenServiceW
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerExW
GetTraceEnableFlags
DuplicateToken
LookupAccountSidA
GetTraceEnableLevel
InitializeAcl
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
UnregisterTraceGuids
GetTokenInformation
DuplicateTokenEx
RegisterEventSourceW
StartServiceCtrlDispatcherW
GetTraceLoggerHandle
TraceMessage
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
AllocateAndInitializeSid
SetServiceStatus

rpcrt4

RpcServerUseProtseqEpA
NdrServerCall2
RpcMgmtStopServerListening
RpcServerListen
RpcServerUnregisterIf
RpcServerRegisterAuthInfoA
RpcServerRegisterIf

kernel32

CreateMutexW
UnregisterWaitEx
VirtualAlloc
HeapFree
GetVolumeInformationW
QueryPerformanceFrequency
LCMapStringA
CreateSemaphoreW
HeapDestroy
RaiseException
GetConsoleOutputCP
GlobalFree
ReleaseSemaphore
SetHandleCount
FreeEnvironmentStringsA
CreateEventW
ResetEvent
SystemTimeToFileTime
HeapAlloc
QueueUserWorkItem
GetVolumePathNamesForVolumeNameW
DeleteTimerQueueTimer
CreateFileMappingA
GetProcessHeap
UnlockFile
GetCurrentThreadId
CreateMutexA
RegisterWaitForSingleObject
CreateFileMappingW
UnhandledExceptionFilter
TlsFree
IsValidLocale
GetOEMCP
WideCharToMultiByte
MapViewOfFile
GetUserDefaultLCID
DeleteCriticalSection
GetTempFileNameW
CreateEventA
HeapReAlloc
OpenMutexA
IsValidCodePage
GetCommandLineA
GetPriorityClass
SetEndOfFile
CreateFileW
OpenProcess
CreateTimerQueueTimer
TlsAlloc
GetSystemTime
FreeEnvironmentStringsW
UnregisterWait
TlsGetValue
GetConsoleCP
EnumSystemLocalesA
CreateIoCompletionPort
MoveFileW
UnmapViewOfFile
DeleteTimerQueueEx
GetFileType
GetThreadPriority
GetShortPathNameA
ExpandEnvironmentStringsW
GetDriveTypeW
LoadLibraryExA
GetStdHandle
FlushFileBuffers
GetFileSizeEx
SetThreadPriority
GetSystemTimeAsFileTime
CreateProcessW
CreateFileA
FreeLibrary
GlobalMemoryStatusEx
DeleteFileW
LCMapStringW
GetComputerNameW
WriteConsoleA
GetConsoleMode
SetFilePointer
EnterCriticalSection
CloseHandle
ReleaseMutex
LeaveCriticalSection
IsDebuggerPresent
GetFileSize
HeapSize
VirtualFree
LocalFree
WaitForMultipleObjects
CompareStringW
CopyFileW
LockFileEx
GetModuleHandleA
CreateTimerQueue
GlobalAlloc
RtlUnwind
GetComputerNameA
SetFilePointerEx
CreateDirectoryW
WaitForSingleObject
GetACP
SetLastError
CreateThread
SetStdHandle
TlsSetValue
OpenEventA
GetLocalTime
WriteConsoleW
SetUnhandledExceptionFilter
GetQueuedCompletionStatus
GetSystemInfo
WriteFile
SetPriorityClass
PostQueuedCompletionStatus
SetErrorMode
ReadFile
CompareStringA
GetStartupInfoW
VirtualAllocEx

rtm

RtmCloseEnumerationHandle
RtmGetFirstRoute
RtmGetListEnumRoutes
RtmReleaseNextHopInfo
MgmGetMfe
RtmUpdateAndUnlockRoute
InsertIntoTable
RtmReleaseDests
RtmReadInstanceConfig
DumpTable
MgmReleaseInterfaceOwnership
MgmGetNextMfe
RtmReleaseRoutes

qedit

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c59df6083165220959cf80ab831c667

Headers

File Characteristics

Imports

user32

advapi32

rpcrt4

kernel32

rtm

qedit

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 240KB - Virtual size: 558KB

.rsrc Size: 4KB - Virtual size: 16KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 240KB - Virtual size: 558KB

.rsrc
Size: 4KB - Virtual size: 16KB