f9f47e6c68eda38d13f3166cf64fb0401bb53cbbc0372e4759ebe7e77c760ad1

Sharing

Copy URL Twitter E-mail

General

Target

f9f47e6c68eda38d13f3166cf64fb0401bb53cbbc0372e4759ebe7e77c760ad1
Size

160KB
MD5

dabaaa85fea4836810bebcfce376c55d
SHA1

4c05a6385785ba5500da5fe90ad71f8bae70e989
SHA256

f9f47e6c68eda38d13f3166cf64fb0401bb53cbbc0372e4759ebe7e77c760ad1
SHA512

3d7e0d25d2e44b4ea6cbd8b3c4fb4eeee631207181a4ce6fbf39ffc7299ea32eaaabaac14f2e5dff4e924f5a0957bf313fb579442255044746b74e7ce16aa51e
SSDEEP

3072:M0ewxsLN9dsdjQBuru+wbQZZ30YTfHECW1+KISYDstCW408G1Li:MAyp3SEu6+t0YT8QiWstCW405i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f995e7b6121391a9214a3f3068a1d0ce7ccace5ff86a12bb51c8f9ae325b1d0a.exe

Files

f9f47e6c68eda38d13f3166cf64fb0401bb53cbbc0372e4759ebe7e77c760ad1
.zip

Password: infected
f995e7b6121391a9214a3f3068a1d0ce7ccace5ff86a12bb51c8f9ae325b1d0a.exe
.exe windows:5 windows x86 arch:x86

37e590bbf45f6bad9a23f55f39eacc34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
QueryDosDeviceA
CreateDirectoryW
GetFileAttributesExA
GetTickCount
FindNextVolumeMountPointA
ReadConsoleW
GetWindowsDirectoryA
EnumTimeFormatsA
GlobalAlloc
WideCharToMultiByte
GetVolumeInformationA
GlobalFindAtomA
TerminateThread
GetLocaleInfoW
GetSystemPowerStatus
FreeConsole
GetConsoleAliasExesLengthW
GetVersionExW
GetConsoleAliasW
GetLocaleInfoA
GetModuleFileNameW
GetLastError
GetCurrentDirectoryW
GetProcAddress
LoadLibraryA
GetNumberFormatW
RemoveDirectoryW
GetModuleHandleA
VirtualProtect
PeekConsoleInputA
GetCurrentProcessId
ReadConsoleOutputCharacterW
CloseHandle
CreateFileW
SetStdHandle
OutputDebugStringW
LoadLibraryExW
CreateFileA
FindResourceA
WriteConsoleW
GetEnvironmentVariableW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
HeapFree
HeapAlloc
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetProcessHeap
IsDebuggerPresent
GetStdHandle
GetFileType
ExitProcess
GetModuleHandleExW
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
GetCurrentThreadId
ReadFile
SetFilePointerEx
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP
IsValidCodePage
GetOEMCP
HeapReAlloc

user32

GetClassInfoW
CharLowerA
SetUserObjectSecurity
GetAltTabInfoW
DrawFrameControl
CharUpperBuffW

gdi32

CreateDCA

advapi32

ReadEventLogA

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 41.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

37e590bbf45f6bad9a23f55f39eacc34

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 148KB - Virtual size: 41.1MB

.rsrc Size: 61KB - Virtual size: 61KB

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 148KB - Virtual size: 41.1MB

.rsrc
Size: 61KB - Virtual size: 61KB