437037db7a33fb435588e924ad6cab7dc39d7d5da16def6bd06293e7d1b1bb62

Sharing

Copy URL

Twitter E-mail

General

Target

437037db7a33fb435588e924ad6cab7dc39d7d5da16def6bd06293e7d1b1bb62
Size

167KB
MD5

c5b85705b78773deeaac72dbbe413b3b
SHA1

0071f6bebe2e919c95e7d0373e6f387a3d8e4c6b
SHA256

437037db7a33fb435588e924ad6cab7dc39d7d5da16def6bd06293e7d1b1bb62
SHA512

128d1ae10661b239d83459d86c60a3d7d63766bfa111076995d1ce6645ff612e620c228d97b1a6c80a2ffdacdc99774bc46c8823437947f3859bbe45c72eda38
SSDEEP

3072:YRATOaGXDAnufgDJmuoK2StUpNKOYE7YKfDwPvWAVlKfs+GEpVlAMVa:YaTOnfgDJmuttqBYf6DevTVSs+hGJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/b09798c07fc468fb557b044326305a10d5b4a7b19c0d6adb88f794990c3634b9.exe

Files

437037db7a33fb435588e924ad6cab7dc39d7d5da16def6bd06293e7d1b1bb62
.zip

Password: infected
b09798c07fc468fb557b044326305a10d5b4a7b19c0d6adb88f794990c3634b9.exe
.exe windows:5 windows x86 arch:x86

f7df7285cdb520de588415d277cad136

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\luh-zuviz\vuwihilifuk-bosepihiza_la.pdb

Imports

kernel32

GetConsoleAliasesLengthW
FindResourceW
InterlockedIncrement
QueryDosDeviceA
InterlockedCompareExchange
SetComputerNameW
FindCloseChangeNotification
GetTickCount
GetConsoleAliasesLengthA
GlobalFindAtomA
SetConsoleMode
WriteConsoleW
SetComputerNameExW
GetStartupInfoA
GetLastError
SetLastError
ReadConsoleOutputCharacterA
GetProcAddress
VirtualAlloc
LoadLibraryA
InterlockedExchangeAdd
LocalAlloc
CreateHardLinkW
AddAtomW
lstrcmpiW
GetModuleHandleA
PurgeComm
CompareStringA
DeleteFileW
GetCurrentProcessId
DebugBreak
ResetWriteWatch
ResumeThread
GetConsoleOutputCP
MultiByteToWideChar
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapFree
WriteFile
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
RaiseException
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CloseHandle
CreateFileA
HeapAlloc
HeapReAlloc
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
WriteConsoleA

user32

SetMessageExtraInfo

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

f7df7285cdb520de588415d277cad136

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 9KB - Virtual size: 4.1MB

.rsrc Size: 128KB - Virtual size: 128KB

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 9KB - Virtual size: 4.1MB

.rsrc
Size: 128KB - Virtual size: 128KB