0e133075be0865484b62e1851cefdd946e2e03791c65d941ed11b59be9ab05f3

Sharing

Copy URL

Twitter E-mail

General

Target

0e133075be0865484b62e1851cefdd946e2e03791c65d941ed11b59be9ab05f3
Size

141KB
MD5

cca32e481fca43089061de0f45a6e9b6
SHA1

26274e2767ce71e16d396987c585e3771a23b4b4
SHA256

0e133075be0865484b62e1851cefdd946e2e03791c65d941ed11b59be9ab05f3
SHA512

1ea74892b31ea8da3fbb7c073452b3ad3fc44725edc95ceff9b6f0b0fb47f5ac45d38a5da05bdfebd371ce1b6443ffee01fd3e0077d62637596faceb3fc905b8
SSDEEP

3072:dSXvpTxFrHIgblA7e7ciionbtyJFmGb25AhlNoHDIBuH:d2TxF7Ig6q5lbMJF9YAhboHDIB4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/a7c2b8d081407da5d72f12eeef21c11674ff616c89be40f73f114c292c09e6de.exe

Files

0e133075be0865484b62e1851cefdd946e2e03791c65d941ed11b59be9ab05f3
.zip

Password: infected
a7c2b8d081407da5d72f12eeef21c11674ff616c89be40f73f114c292c09e6de.exe
.exe windows:5 windows x86 arch:x86

700b0dd8274fa766006677f2cd2b64ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\koliyayibuj\telu.pdb

Imports

kernel32

QueryDosDeviceA
AddConsoleAliasW
SetCommBreak
GetSystemDefaultLCID
GetTickCount
LoadLibraryW
FatalAppExitW
FreeConsole
SetComputerNameExW
CreateJobObjectA
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
SetVolumeLabelW
ReadConsoleOutputAttribute
RemoveDirectoryA
LoadLibraryA
WriteConsoleA
LocalAlloc
FindNextChangeNotification
GlobalFindAtomW
GetModuleFileNameA
FindFirstVolumeMountPointA
GetModuleHandleA
GetFileAttributesExW
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
DebugBreak
AreFileApisANSI
MoveFileW
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
RtlUnwind

advapi32

GetAce

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 38.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

700b0dd8274fa766006677f2cd2b64ed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 19KB - Virtual size: 38.9MB

.rsrc Size: 69KB - Virtual size: 69KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 19KB - Virtual size: 38.9MB

.rsrc
Size: 69KB - Virtual size: 69KB