e15cfa0ebee2434ea5754b8792e99fed

General

Target

e15cfa0ebee2434ea5754b8792e99fed
Size

457KB
MD5

e15cfa0ebee2434ea5754b8792e99fed
SHA1

5c266f0cc99ced529a6f45a75cf4028d3b129ef1
SHA256

44a3de7a127eb36b40a74a0060878511552e2c1cf1895fa1c3c94e2b97700e2f
SHA512

2274f30ea04d57a8c119ffa8cc6550bad318936b4ee3c079cd08f48d321b55460810115f77304705fdf38334a1f9f3e80197ade106b9b3fbe70bcb65ce774144
SSDEEP

12288:8ruv4bsMW39A6Mir4Zhp9TOZ7OoKkBfTqXheBZdo3Q:v4v6A7ZhIV2XheHO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e15cfa0ebee2434ea5754b8792e99fed

Files

e15cfa0ebee2434ea5754b8792e99fed
.exe windows:4 windows x86 arch:x86

f56dee3e97bf57b71b231fcbf95ccabd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
SetLastError
LeaveCriticalSection
DeviceIoControl
InterlockedIncrement
CreateEventA
GetOverlappedResult
PostQueuedCompletionStatus
SetEvent
GetQueuedCompletionStatus
InitializeCriticalSection
SleepEx
GetProcAddress
GlobalFree
WaitForSingleObject
EnterCriticalSection
GlobalAlloc
BindIoCompletionCallback
GetLastError
Sleep
ResetEvent
InterlockedDecrement
lstrcpyW

ntdll

NtCreateFile
strlen
qsort
wcsstr
RtlInitUnicodeString
NtAllocateVirtualMemory
RtlAllocateHeap
NtDeviceIoControlFile
NtClose
RtlQueueWorkItem
RtlNtStatusToDosError
wcsncpy
RtlFreeHeap

advapi32

SetServiceStatus
ControlService
StartServiceA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA
CloseServiceHandle

rpcrt4

RpcStringBindingComposeW
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringFreeW
I_RpcExceptionFilter
NdrClientCall2
RpcEpResolveBinding

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 968KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f56dee3e97bf57b71b231fcbf95ccabd

Headers

File Characteristics

Imports

kernel32

ntdll

advapi32

rpcrt4

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 237KB - Virtual size: 236KB

.rsrc Size: 131KB - Virtual size: 130KB

.data Size: 58KB - Virtual size: 968KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 237KB - Virtual size: 236KB

.rsrc
Size: 131KB - Virtual size: 130KB

.data
Size: 58KB - Virtual size: 968KB