2b9421b148c42865886eccac365474d76e80f0735e1761f766968acc805cbb18

Sharing

Copy URL Twitter E-mail

General

Target

2b9421b148c42865886eccac365474d76e80f0735e1761f766968acc805cbb18
Size

180KB
MD5

e68626d9e17e52f170df1d89d46e37db
SHA1

af0569e94605248e2f28b61874e5652080416aea
SHA256

2b9421b148c42865886eccac365474d76e80f0735e1761f766968acc805cbb18
SHA512

27f353887b849875e77b2edc97d4af4b3f9e3c882cf7b9df68f3237f338ec6666a46360061bb2fe90e9aedf9706ed0a35b43d4da46d71cb1e2b48ffafeea6783
SSDEEP

3072:bgEzdDrnZGQ/oJebff+DPuxozFGxmZvdUPrUVVKrxAt8/xJDlEAG2PqeuQT:0gXnZGLEfmD2xozYAZGrUPcxFnJGf9QT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6a345ac4726c427e82a2121ae310adce203aa39c1c3d7ce48f5670cb833345a8.exe

Files

2b9421b148c42865886eccac365474d76e80f0735e1761f766968acc805cbb18
.zip

Password: infected
6a345ac4726c427e82a2121ae310adce203aa39c1c3d7ce48f5670cb833345a8.exe
.exe windows:5 windows x86 arch:x86

79134121236a21f4a744fb6dd4238594

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatW
GetFileSize
GetConsoleAliasExesLengthA
WriteConsoleOutputCharacterA
HeapAlloc
ZombifyActCtx
CreateHardLinkA
WideCharToMultiByte
LoadLibraryW
GetFileAttributesW
GetModuleFileNameW
CompareStringW
CreateJobObjectA
InterlockedExchange
SetThreadLocale
GetLastError
GetProcessHeaps
CreateNamedPipeA
GetConsoleDisplayMode
BuildCommDCBW
GetNumaHighestNodeNumber
GetAtomNameA
UnhandledExceptionFilter
LocalAlloc
DnsHostnameToComputerNameA
WritePrivateProfileStringA
AddAtomW
FindAtomA
CreatePipe
VirtualProtect
GetCurrentDirectoryA
ReleaseMutex
FindAtomW
FileTimeToLocalFileTime
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
HeapCreate
HeapFree
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
IsProcessorFeaturePresent
LCMapStringW
MultiByteToWideChar
GetStringTypeW
RaiseException

user32

CopyRect
LoadIconW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dabikog
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

79134121236a21f4a744fb6dd4238594

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 180KB - Virtual size: 179KB

.data Size: 7KB - Virtual size: 43KB

.tls Size: 2KB - Virtual size: 2KB

.dabikog Size: 512B - Virtual size: 12B

.rsrc Size: 27KB - Virtual size: 26KB

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 180KB - Virtual size: 179KB

.data
Size: 7KB - Virtual size: 43KB

.tls
Size: 2KB - Virtual size: 2KB

.dabikog
Size: 512B - Virtual size: 12B

.rsrc
Size: 27KB - Virtual size: 26KB