e693241b3b29ea1b5af3618898f640e7aff6a4571de2ecaf9396a849b56a2599

Sharing

Copy URL Twitter E-mail

General

Target

e693241b3b29ea1b5af3618898f640e7aff6a4571de2ecaf9396a849b56a2599
Size

105KB
MD5

47b56ae8855de13239f12683fc882b73
SHA1

768c54a38da791eea93f1edfb5214fb66c529f2f
SHA256

e693241b3b29ea1b5af3618898f640e7aff6a4571de2ecaf9396a849b56a2599
SHA512

41e7ad43372f38337e802f771116b4da9928849a35b9a9b8d2e74774ffc11dd2194a4ba71c2e0df9559c5c2dd72b085704c3789ee01079c49f816a5e2bdb381d
SSDEEP

1536:PySAt+LMUtjhGIX5WQjhMNzFL18TePLro9nNNSkSA/mcenhyvX:PfIuX5r6FL180wl8A/mThyvX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e693241b3b29ea1b5af3618898f640e7aff6a4571de2ecaf9396a849b56a2599

Files

e693241b3b29ea1b5af3618898f640e7aff6a4571de2ecaf9396a849b56a2599
.exe windows:5 windows x86 arch:x86

ddbac893235c7bfbe754f4762d0c7cab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
MultiByteToWideChar
ReadFile
PeekNamedPipe
CreateProcessA
GetStartupInfoA
CreatePipe
CloseHandle
WaitForSingleObject
TerminateProcess
ExpandEnvironmentStringsA
Sleep
GetSystemTime
ExitProcess
GetLastError
CreateMutexA
DeleteFileA
SetFilePointer
GetFileSize
CreateFileA
CreateThread
GetDiskFreeSpaceA
SetErrorMode
GetDriveTypeA
GetLogicalDrives
FileTimeToSystemTime
WideCharToMultiByte
FindClose
FindNextFileA
FindFirstFileA
GetLocalTime
GetSystemDefaultLangID
GetVersionExA
IsWow64Process
GetCurrentProcess
GlobalMemoryStatus
GetSystemInfo
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
GetConsoleMode
GetConsoleCP
LoadLibraryW
FileTimeToLocalFileTime
WriteFile
RtlUnwind
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
IsProcessorFeaturePresent
HeapAlloc
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetProcAddress
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
CreateFileW

ws2_32

gethostname
WSAGetLastError
setsockopt
socket
htons
inet_addr
connect
gethostbyname
inet_ntoa
recv
send
closesocket
WSACleanup
WSAStartup

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddbac893235c7bfbe754f4762d0c7cab

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

iphlpapi

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 6KB - Virtual size: 5KB