5dde1846f1d669b3ec1f043c7dffa3f4f02496f136add4319ff5fc806b0b9d04

Sharing

Copy URL

Twitter E-mail

General

Target

5dde1846f1d669b3ec1f043c7dffa3f4f02496f136add4319ff5fc806b0b9d04
Size

143KB
MD5

4a9e72f9a8608972cc3ea1d086994162
SHA1

66940bc93d403fc5542fffadf8c011e559f2a990
SHA256

5dde1846f1d669b3ec1f043c7dffa3f4f02496f136add4319ff5fc806b0b9d04
SHA512

e277f58989e5ae4c3ddbc21f3454afa9e96eab64e485b7d04bc26751d7c8c53f7320b2b024546b3b28e6d8ac4b2d97d93a20f6f737dcdca8c5e3984c16d0e605
SSDEEP

3072:LknNWpuwo63RhQd5EJTWNvVus+MRLTSLGCj4QCQAupy4i3X:wybudsSts9qTq4QvAupyrn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/1d778359ab155cb190b9f2a7086c3bcb4082aa195ff8f754dae2d665fd20aa05.exe

Files

5dde1846f1d669b3ec1f043c7dffa3f4f02496f136add4319ff5fc806b0b9d04
.zip

Password: infected
1d778359ab155cb190b9f2a7086c3bcb4082aa195ff8f754dae2d665fd20aa05.exe
.exe windows:5 windows x86 arch:x86

0f630aaf8b5c4e958445ec0c2d5ec47e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

*Qf69@+mESRA.RY7*+6XEF#NH.pdb

Imports

secur32

EnumerateSecurityPackagesA

msvcrt

_controlfp
_except_handler3
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs

kernel32

GetThreadLocale
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
FlushInstructionCache
EnumUILanguagesW
GetConsoleSelectionInfo
PrepareTape

gdi32

SetBitmapDimensionEx

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt1
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

0f630aaf8b5c4e958445ec0c2d5ec47e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

secur32

msvcrt

kernel32

gdi32

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 2KB - Virtual size: 7KB

.crt1 Size: 10KB - Virtual size: 10KB

CRT Size: 39KB - Virtual size: 39KB

.crt Size: 15KB - Virtual size: 14KB

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 1KB - Virtual size: 2KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 2KB - Virtual size: 7KB

.crt1
Size: 10KB - Virtual size: 10KB

CRT
Size: 39KB - Virtual size: 39KB

.crt
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 1KB - Virtual size: 2KB