4fe6e2ac319397f53a6ea46e77cde425187df6fca2f0f630fc0f5d6eb0901ae1

Sharing

Copy URL

Twitter E-mail

General

Target

4fe6e2ac319397f53a6ea46e77cde425187df6fca2f0f630fc0f5d6eb0901ae1
Size

570KB
MD5

81c96278fb83c436d0fd8aaae5db5ee6
SHA1

93081fa2fc13d69480426d9c38921c78a3edc35c
SHA256

4fe6e2ac319397f53a6ea46e77cde425187df6fca2f0f630fc0f5d6eb0901ae1
SHA512

c8b561135677b5942f16f01d608b2e7ee3a8eaeac19b1fe752120567789689097cd2243226ec5331b0a830fe9ed4b6e2575341b7d368a6b9759e485d93bf175e
SSDEEP

12288:9mL2/mMj8gMDnzorOwLWeWXt8yLXFrdTFq6Of1+X952n:9m0mMj4jzoCwnuxTg1M2n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe

Files

4fe6e2ac319397f53a6ea46e77cde425187df6fca2f0f630fc0f5d6eb0901ae1
.zip

Password: infected
48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe
.exe windows:5 windows x86 arch:x86

efd88b96a3d1bf9894e7822b198a54f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
InterlockedDecrement
ZombifyActCtx
GetEnvironmentStringsW
SetEvent
GetModuleHandleW
GetWindowsDirectoryA
GetConsoleCP
GetSystemPowerStatus
GetCalendarInfoW
ReadProcessMemory
GetFileAttributesW
AllocConsole
lstrlenW
GetProcAddress
GetProcessHeaps
HeapUnlock
LocalAlloc
HeapLock
GetModuleFileNameA
CreateMutexA
SetFileShortNameA
FindActCtxSectionStringW
CommConfigDialogW
DeleteFileA
GetACP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
Sleep
HeapSize
ExitProcess
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleMode
GetCPInfo
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
CloseHandle
CreateFileA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
SetEndOfFile
GetProcessHeap
ReadFile

advapi32

AdjustTokenPrivileges

Sections

.text
Size: 556KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 46.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

efd88b96a3d1bf9894e7822b198a54f3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 556KB - Virtual size: 556KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 11KB - Virtual size: 46.4MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 51KB - Virtual size: 50KB

.text
Size: 556KB - Virtual size: 556KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 11KB - Virtual size: 46.4MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 51KB - Virtual size: 50KB