092f6d561f5dd5639a78d085761693166f92f383ef825198023dad1e097b559b

Sharing

Copy URL Twitter E-mail

General

Target

092f6d561f5dd5639a78d085761693166f92f383ef825198023dad1e097b559b
Size

185KB
MD5

6aca57753f8e458cec458f2a5d0e7770
SHA1

5f35a8ccfa55453dbdfbe5ab5c4ba38c3f779271
SHA256

092f6d561f5dd5639a78d085761693166f92f383ef825198023dad1e097b559b
SHA512

b82cdfdfe6a6884484b7a7e75a6730e4d6e82eb07d9e89771d872b102974b4562bbcf11fb3fbcf22347c780cbdb9ba060ac50e195668b05edda2590f7c074cc7
SSDEEP

3072:QCat+XFk/F2D/hTeP6yMYZjq2s+9VSnoXPaeRSSiAl3Vsz4rAe46Y4JScKe097P:Q6FkOBet5xq2FVOrdSieVsz4p46Y4JSr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2f956197a4d1936813be2945bd9bd2bad0c30613d5929a0826bc95e106d2714d.exe

Files

092f6d561f5dd5639a78d085761693166f92f383ef825198023dad1e097b559b
.zip

Password: infected
2f956197a4d1936813be2945bd9bd2bad0c30613d5929a0826bc95e106d2714d.exe
.exe windows:5 windows x86 arch:x86

b55d52bd4fb8575e7457803bdb9b409f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumaProcessorNode
HeapAlloc
InterlockedIncrement
WaitForSingleObject
SetEvent
GetModuleHandleW
GetTickCount
FindNextVolumeMountPointA
LoadLibraryW
GetLocaleInfoW
GetFileAttributesA
HeapValidate
CreateFileW
GetConsoleOutputCP
GetLastError
GetCurrentDirectoryW
GetProcAddress
HeapSize
SetComputerNameA
GetAtomNameA
LoadLibraryA
UnhandledExceptionFilter
CreateHardLinkW
GlobalFindAtomW
CreatePipe
ConvertDefaultLocale
GetModuleFileNameA
SetConsoleTitleW
HeapSetInformation
SetCalendarInfoA
FindAtomW
ReadFile
FlushFileBuffers
HeapReAlloc
GetCommandLineA
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
DecodePointer
EncodePointer
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
EnterCriticalSection
LeaveCriticalSection
HeapFree
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
RtlUnwind
MultiByteToWideChar
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
CloseHandle

user32

GetMonitorInfoA

ole32

CoTaskMemFree

winhttp

WinHttpOpen

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

b55d52bd4fb8575e7457803bdb9b409f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

winhttp

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 147KB - Virtual size: 147KB

.data Size: 7KB - Virtual size: 1.0MB

.tls Size: 2KB - Virtual size: 2KB

.rsrc Size: 93KB - Virtual size: 92KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 147KB - Virtual size: 147KB

.data
Size: 7KB - Virtual size: 1.0MB

.tls
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 93KB - Virtual size: 92KB