be10f8d66194827ccaa6bfb7a84efd49e242676972aa49109f81cbdcf8ee3eca

Sharing

Copy URL Twitter E-mail

General

Target

be10f8d66194827ccaa6bfb7a84efd49e242676972aa49109f81cbdcf8ee3eca
Size

162KB
MD5

21b9b341d5403ad9c3dfb62a7b1a86bb
SHA1

5cfa7b274de63ee48146dde735dd17175ea8ac2b
SHA256

be10f8d66194827ccaa6bfb7a84efd49e242676972aa49109f81cbdcf8ee3eca
SHA512

997270726caf315020271be8d12ed01f152e2ed55e29b7324f47c91cdebdec9199e7b7d70a1928ac8a4b8276a2d73aa9229805cdce53cb8addda70a7e2372735
SSDEEP

3072:V9xSXohuAsQa0xYWnCJOYo1B6iOadg7nJdBH6AXiy9NqFzgJL4C8odnGZm5:V9sXohpaPWndvzlTFSHhoZM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2c286e5121fd51b65f2909943887b32b69c916dada2c73320d0e11592c9751bc.exe

Files

be10f8d66194827ccaa6bfb7a84efd49e242676972aa49109f81cbdcf8ee3eca
.zip

Password: infected
2c286e5121fd51b65f2909943887b32b69c916dada2c73320d0e11592c9751bc.exe
.exe windows:5 windows x86 arch:x86

5a21299c9e523d932e96c629a301a84f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\lahutazaxe\cilagav\giw.pdb

Imports

kernel32

InterlockedIncrement
SetConsoleTextAttribute
ReadConsoleA
GetCurrentProcess
CreateDirectoryW
GetFileAttributesExA
GetTickCount
GetCommConfig
GetConsoleAliasesLengthA
GetWindowsDirectoryA
GlobalAlloc
GetVolumeInformationA
GetFirmwareEnvironmentVariableA
TerminateThread
GetLocaleInfoW
GetSystemPowerStatus
GetConsoleAliasExesLengthW
GetVersionExW
FindNextVolumeW
GetConsoleAliasW
GetModuleFileNameW
CreateFileW
FindResourceA
GetLastError
GetCurrentDirectoryW
GetProcAddress
PeekConsoleInputW
RemoveDirectoryA
LoadLibraryA
WriteConsoleA
FindFirstVolumeMountPointW
GetNumberFormatW
QueryDosDeviceW
GlobalFindAtomW
VirtualProtect
_lopen
GetCurrentProcessId
ResetWriteWatch
AreFileApisANSI
OutputDebugStringW
HeapReAlloc
WriteConsoleW
SetStdHandle
LCMapStringW
GetHandleInformation
GetEnvironmentVariableW
MultiByteToWideChar
EncodePointer
DecodePointer
ReadFile
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetCommandLineA
RaiseException
RtlUnwind
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
HeapSize
HeapFree
IsDebuggerPresent
SetFilePointerEx
GetStdHandle
GetFileType
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
HeapAlloc
GetProcessHeap
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
CloseHandle

user32

CharUpperBuffW
ChangeMenuA
CharLowerBuffA
DrawAnimatedRects

advapi32

ReadEventLogA

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

5a21299c9e523d932e96c629a301a84f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 143KB - Virtual size: 6.8MB

.rsrc Size: 73KB - Virtual size: 72KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 143KB - Virtual size: 6.8MB

.rsrc
Size: 73KB - Virtual size: 72KB