5f344c80096e18a98b6acd77482886f402cfbccb90d922d03aac07d1ae6261af

Sharing

Copy URL

Twitter E-mail

General

Target

5f344c80096e18a98b6acd77482886f402cfbccb90d922d03aac07d1ae6261af
Size

391KB
MD5

19d257c7f63ff3dbf8b5ae26f2c1b45a
SHA1

dc84514dd1471efa7db9e34c43c6a60827dadad0
SHA256

5f344c80096e18a98b6acd77482886f402cfbccb90d922d03aac07d1ae6261af
SHA512

7cd1aa6e9c404965050e4f11bb6ec0c135332a339e734dc8a3aada0385effcda1fbea0317e02aad92a9c9d18af802538376169963fe695c11a114d17792801fb
SSDEEP

6144:u59jzB1LkOHcUR1p8oOdaQ/Lgy/pmbo3uCJL0q6ZTutv7XZfDj:gxB+icUjmoOdXt/pmbStWZT8FDj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5f344c80096e18a98b6acd77482886f402cfbccb90d922d03aac07d1ae6261af

Files

5f344c80096e18a98b6acd77482886f402cfbccb90d922d03aac07d1ae6261af
.exe windows:5 windows x86 arch:x86

98b9329a7eb6e97cc831608075bf14f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\milobavop\beremewec.pdb

Imports

kernel32

LocalSize
WriteConsoleInputA
EnumDateFormatsA
CopyFileExW
DnsHostnameToComputerNameA
VerifyVersionInfoA
FindNextFileW
VirtualUnlock
LockFile
GetProfileSectionW
RequestWakeupLatency
SetProcessPriorityBoost
GlobalGetAtomNameW
DeleteFileA
FindNextVolumeMountPointA
TlsSetValue
LoadResource
WriteConsoleInputW
GetConsoleTitleA
GetComputerNameExW
OpenEventA
CallNamedPipeW
GetModuleHandleA
GetSystemDirectoryA
GetDriveTypeA
BuildCommDCBAndTimeoutsW
GetProcAddress
GetShortPathNameA
ReleaseActCtx
GetCommandLineW
InterlockedIncrement
GetConsoleTitleW
CopyFileW
CreateActCtxW
FormatMessageA
EnterCriticalSection
FindNextVolumeA
GetThreadSelectorEntry
LoadLibraryA
CreateNamedPipeA
GetSystemDefaultLCID
GetConsoleAliasesLengthW
WriteProfileSectionA
AddAtomW
InterlockedDecrement
HeapFree
_hread
InterlockedExchangeAdd
GetStartupInfoA
CreateMailslotA
GetCPInfoExA
GetSystemWow64DirectoryW
GetLastError
GetPrivateProfileIntA
GetConsoleAliasExesLengthW
WaitForDebugEvent
EndUpdateResourceA
SetLastError
ExitThread
GetACP
lstrcatW
GetConsoleAliasA
GetDiskFreeSpaceExA
DefineDosDeviceW
CreateIoCompletionPort
EnumResourceLanguagesW
GetCPInfoExW
SetConsoleTextAttribute
SetInformationJobObject
WriteConsoleW
SetCriticalSectionSpinCount
GetComputerNameW
EnumSystemLocalesA
WritePrivateProfileSectionA
WritePrivateProfileStructA
GetPrivateProfileSectionNamesW
FileTimeToSystemTime
GlobalMemoryStatus
SetTapeParameters
lstrcmpW
SetEvent
FreeLibrary
FindResourceW
SetCommState
FormatMessageW
InterlockedCompareExchange
CreateFiber
GetConsoleFontSize
MoveFileA
LocalAlloc
SetFileShortNameW
lstrcpyA
HeapQueryInformation
SetCalendarInfoW
SetComputerNameW
GetConsoleAliasesA
EnumDateFormatsExA
GetConsoleOutputCP
GetStdHandle
GetLocalTime
GetStringTypeA
FindActCtxSectionStringA
FreeEnvironmentStringsA
GetModuleHandleExW
LoadLibraryW
GetBinaryTypeA
GetFileAttributesA
GetSystemWindowsDirectoryA
LocalFlags
GetSystemTimeAdjustment
SetProcessShutdownParameters
lstrcpynA
GlobalWire
FillConsoleOutputCharacterA
GetCompressedFileSizeA
GetFullPathNameA
ReadConsoleW
FreeUserPhysicalPages
WriteConsoleOutputCharacterA
OpenJobObjectA
CreateFileW
DeleteTimerQueueTimer
SetCurrentDirectoryW
GetNamedPipeHandleStateA
TerminateProcess
GetNamedPipeHandleStateW
CreateFileA
WideCharToMultiByte
RaiseException
GetCommandLineA
HeapValidate
IsBadReadPtr
DeleteCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
GetModuleHandleW
TlsAlloc
GetCurrentThreadId
TlsFree
SetFilePointer
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
DebugBreak
OutputDebugStringA
OutputDebugStringW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteConsoleA
CloseHandle

user32

LoadMenuW
CharUpperW
GetMenuInfo

gdi32

SelectObject

msimg32

AlphaBlend

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hux
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.puzogu
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bowo
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98b9329a7eb6e97cc831608075bf14f7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

Sections

.text Size: 198KB - Virtual size: 197KB

.data Size: 142KB - Virtual size: 172KB

.hux Size: 1024B - Virtual size: 1024B

.puzogu Size: 1024B - Virtual size: 1024B

.bowo Size: 512B - Virtual size: 150B

.rsrc Size: 47KB - Virtual size: 47KB

.text
Size: 198KB - Virtual size: 197KB

.data
Size: 142KB - Virtual size: 172KB

.hux
Size: 1024B - Virtual size: 1024B

.puzogu
Size: 1024B - Virtual size: 1024B

.bowo
Size: 512B - Virtual size: 150B

.rsrc
Size: 47KB - Virtual size: 47KB