57c476d68c62ee3f2a731bbb69d9cc71a3f19295567ef42a5e30928a8bef886e

Sharing

Copy URL

Twitter E-mail

General

Target

57c476d68c62ee3f2a731bbb69d9cc71a3f19295567ef42a5e30928a8bef886e
Size

199KB
MD5

61213c04e2764518a8771fcbb492a302
SHA1

11704791fd38b146b9e8300022536309136a2894
SHA256

57c476d68c62ee3f2a731bbb69d9cc71a3f19295567ef42a5e30928a8bef886e
SHA512

ef8693a729b92aae4f1b46f2dce7511e4de826df090d38c9e352797c3a4d87bd153ac5bc8f9a369216b77585af635ab248223dbe8e00ceefa9a0de767ed10946
SSDEEP

6144:QzwPUlawfmJbKBulhfE6pMNqjyVdk9p794Qt:TPKetKAjEPhdGZ94Qt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bd3e7b833225e8cd094599a1980aca4f07aec1af7501020b1eb2fb94314c4eff.exe

Files

57c476d68c62ee3f2a731bbb69d9cc71a3f19295567ef42a5e30928a8bef886e
.zip

Password: infected
bd3e7b833225e8cd094599a1980aca4f07aec1af7501020b1eb2fb94314c4eff.exe
.exe windows:5 windows x86 arch:x86

22b013f0fa71f4c2291b734eaa2d7615

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\min\91-kigucujidof17\hoj\wubuliyijuli\dovoza-fepabuwa\vag.pdb

Imports

kernel32

DebugActiveProcess
SetThreadContext
FindVolumeClose
GetConsoleAliasA
GetCurrentProcess
WriteConsoleInputA
CreateHardLinkA
GetNumberFormatA
GetUserDefaultLangID
GlobalFindAtomA
LoadLibraryW
TerminateThread
GetLocaleInfoW
ReadConsoleInputA
ReadProcessMemory
GetConsoleAliasExesLengthW
WriteConsoleW
GetCompressedFileSizeA
GetACP
GetLastError
GetThreadLocale
RemoveDirectoryA
CopyFileA
VirtualAllocEx
GetNumaHighestNodeNumber
LoadLibraryA
WriteConsoleA
InterlockedExchangeAdd
LocalAlloc
SetCalendarInfoW
AddAtomW
VirtualLock
GetCommMask
GetModuleFileNameA
VirtualProtect
GetWindowsDirectoryW
DeleteTimerQueueTimer
FindNextVolumeA
SetFileAttributesW
GetVolumeInformationW
SetEndOfFile
CreateFileW
OutputDebugStringW
FlushFileBuffers
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
HeapFree
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetCurrentThreadId
IsDebuggerPresent
GetStdHandle
GetFileType
GetProcessHeap
ReadFile
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
CloseHandle
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
LoadLibraryExW
SetStdHandle

user32

GetMenuInfo

winhttp

WinHttpReadData

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 41.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

22b013f0fa71f4c2291b734eaa2d7615

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winhttp

Sections

.text Size: 105KB - Virtual size: 105KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 111KB - Virtual size: 41.0MB

.rsrc Size: 92KB - Virtual size: 92KB

.text
Size: 105KB - Virtual size: 105KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 111KB - Virtual size: 41.0MB

.rsrc
Size: 92KB - Virtual size: 92KB