2024-03-28_a842604892ed7b5eb5fece068cf7de07_ekans

Sharing

Copy URL Twitter E-mail

General

Target

2024-03-28_a842604892ed7b5eb5fece068cf7de07_ekans
Size

8.5MB
MD5

a842604892ed7b5eb5fece068cf7de07
SHA1

6c9f986ad066a056929a4312d3c6cfd886d293eb
SHA256

55a02d27baca165ac7bdd9ba2a07ff07bf6e00439f00a03df389939e25cc26e6
SHA512

7d29054ae27c4ae8792ca70222c04ef21099303c48189d1c8d40a42efbc04dfc00d33d3aa92fd97c7264f60df64fc35097495936532d78d438010a1a17f6c85d
SSDEEP

98304:btPWNLixLjHNt514TV3EFb6F43bq5ZoE:FWNLixLjVGTV3EFb615Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-03-28_a842604892ed7b5eb5fece068cf7de07_ekans

Files

2024-03-28_a842604892ed7b5eb5fece068cf7de07_ekans
.exe windows:4 windows x86 arch:x86

7b0aea11265f18f3d6126046e1a0dcd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ws2_32

WSAGetOverlappedResult

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

ntdll

NtWaitForSingleObject

kernel32

VirtualAlloc
VirtualFree
CreateIoCompletionPort
GetQueuedCompletionStatus
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateThread
CreateWaitableTimerA
DuplicateHandle
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetProcAddress
GetStdHandle
GetSystemInfo
GetThreadContext
LoadLibraryW
LoadLibraryA
ResumeThread
SetConsoleCtrlHandler
SetEvent
SetProcessPriorityBoost
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SuspendThread
WaitForSingleObject
WriteFile

winmm

timeBeginPeriod

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 253B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/71
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/87
Size: 512B - Virtual size: 28B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 559KB - Virtual size: 558KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b0aea11265f18f3d6126046e1a0dcd1

Headers

File Characteristics

Imports

ws2_32

advapi32

ntdll

kernel32

winmm

Sections

.text Size: 5.4MB - Virtual size: 5.4MB

.data Size: 105KB - Virtual size: 200KB

/4 Size: 512B - Virtual size: 253B

/18 Size: 238KB - Virtual size: 238KB

/30 Size: 229KB - Virtual size: 228KB

/43 Size: 1.3MB - Virtual size: 1.3MB

/55 Size: 408KB - Virtual size: 407KB

/71 Size: 310KB - Virtual size: 310KB

/87 Size: 512B - Virtual size: 28B

.idata Size: 1KB - Virtual size: 1KB

.symtab Size: 559KB - Virtual size: 558KB

.text
Size: 5.4MB - Virtual size: 5.4MB

.data
Size: 105KB - Virtual size: 200KB

/4
Size: 512B - Virtual size: 253B

/18
Size: 238KB - Virtual size: 238KB

/30
Size: 229KB - Virtual size: 228KB

/43
Size: 1.3MB - Virtual size: 1.3MB

/55
Size: 408KB - Virtual size: 407KB

/71
Size: 310KB - Virtual size: 310KB

/87
Size: 512B - Virtual size: 28B

.idata
Size: 1KB - Virtual size: 1KB

.symtab
Size: 559KB - Virtual size: 558KB