9a2073e7fd9e73b17ab239c32ea2c2852c9d958abf3a7501cbca8ac4b03e188c

Sharing

Copy URL

Twitter E-mail

General

Target

9a2073e7fd9e73b17ab239c32ea2c2852c9d958abf3a7501cbca8ac4b03e188c
Size

107KB
MD5

d1b1025866b6487e5dc946427f8addfa
SHA1

245d66172edd4c0f1717735486e5c5693e480fe3
SHA256

9a2073e7fd9e73b17ab239c32ea2c2852c9d958abf3a7501cbca8ac4b03e188c
SHA512

c7dac2e26a43066e0f5ddd5d9aa5ad48912eb448c5e6223db00c492af4749b4b8f5b951c01bf2c61bb4d272470488b97d331f749af83c701e16f12980b80a3b1
SSDEEP

3072:7ldz4JW6PG9G+yACSizY0JD8ShbeRz40Jx/C96WEwdq:zN9lQFdDfhbeR7a9nE1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b.exe

Files

9a2073e7fd9e73b17ab239c32ea2c2852c9d958abf3a7501cbca8ac4b03e188c
.zip

Password: infected
2feee675a296f24476606968e2669d0efda3c14b2c56e8507bc22efbbb54ce6b.exe
.exe windows:5 windows x86 arch:x86

518370577aa5c0bcbfd6ece4cf8b6db7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
SetEvent
CreateHardLinkA
ConnectNamedPipe
GetModuleHandleW
GetTickCount
GlobalAlloc
GlobalFindAtomA
LoadLibraryW
GetFileAttributesA
HeapValidate
GetACP
FindNextVolumeMountPointW
GetConsoleOutputCP
GetLocaleInfoA
GetCurrentDirectoryW
GetThreadLocale
GetProcAddress
HeapSize
SetComputerNameA
GetAtomNameA
LoadLibraryA
UnhandledExceptionFilter
OpenWaitableTimerW
SetCalendarInfoW
GetModuleFileNameA
SetConsoleTitleW
HeapSetInformation
FindAtomW
CloseHandle
CreateFileW
GetLastError
GetNumaProcessorNode
IsProcessorFeaturePresent
EncodePointer
DecodePointer
HeapReAlloc
ExitProcess
GetCommandLineA
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP
IsValidCodePage
RtlUnwind
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
FlushFileBuffers

user32

GetMonitorInfoA

advapi32

GetPrivateObjectSecurity

ole32

CoTaskMemFree

winhttp

WinHttpOpen

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

518370577aa5c0bcbfd6ece4cf8b6db7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

winhttp

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 10KB - Virtual size: 1.0MB

.rsrc Size: 40KB - Virtual size: 39KB

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 10KB - Virtual size: 1.0MB

.rsrc
Size: 40KB - Virtual size: 39KB