b2580cc725e45150d8bd087753752555d3f0cc48849e1075e874ab0d32066f16

Sharing

Copy URL

Twitter E-mail

General

Target

b2580cc725e45150d8bd087753752555d3f0cc48849e1075e874ab0d32066f16
Size

141KB
MD5

7995dd096b8ceb4fbf315650c5a2667f
SHA1

ffdeb23e2ba9208d9825881c76b2b2afb6545fa5
SHA256

b2580cc725e45150d8bd087753752555d3f0cc48849e1075e874ab0d32066f16
SHA512

4ac0cbd9cdcc8b8537dd3b932775c054869902c8529b214d16ffadbe0de6a5efb92cbc10d195da1183920ef7e9002a168e2079d4f341075539a014cebbfd27d3
SSDEEP

3072:Yv3Fm978anM8eUf2CieTrGpfP7pSIaC6VYR:rwAf2CRTrKP+eR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/a7c2b8d081407da5d72f12eeef21c11674ff616c89be40f73f114c292c09e6de.exe

Files

b2580cc725e45150d8bd087753752555d3f0cc48849e1075e874ab0d32066f16
.zip

Password: infected
a7c2b8d081407da5d72f12eeef21c11674ff616c89be40f73f114c292c09e6de.exe
.exe windows:5 windows x86 arch:x86

700b0dd8274fa766006677f2cd2b64ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\koliyayibuj\telu.pdb

Imports

kernel32

QueryDosDeviceA
AddConsoleAliasW
SetCommBreak
GetSystemDefaultLCID
GetTickCount
LoadLibraryW
FatalAppExitW
FreeConsole
SetComputerNameExW
CreateJobObjectA
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
SetVolumeLabelW
ReadConsoleOutputAttribute
RemoveDirectoryA
LoadLibraryA
WriteConsoleA
LocalAlloc
FindNextChangeNotification
GlobalFindAtomW
GetModuleFileNameA
FindFirstVolumeMountPointA
GetModuleHandleA
GetFileAttributesExW
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
DebugBreak
AreFileApisANSI
MoveFileW
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
RtlUnwind

advapi32

GetAce

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 38.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

700b0dd8274fa766006677f2cd2b64ed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 19KB - Virtual size: 38.9MB

.rsrc Size: 69KB - Virtual size: 69KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 19KB - Virtual size: 38.9MB

.rsrc
Size: 69KB - Virtual size: 69KB