C:\coguhahuyosibo9-yifamiw\dimore-zilayomiwezu-paxapoy.pdb
Static task
static1
Behavioral task
behavioral1
Sample
523beeb57c19076e7177e7a016bab52ff21ac5ecbbbafd0b8dc5c8dc5b9d5cc1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
523beeb57c19076e7177e7a016bab52ff21ac5ecbbbafd0b8dc5c8dc5b9d5cc1.exe
Resource
win10v2004-20240412-en
General
- Target: 943870a8fa6b12305e86ece6e3c5625ead0771c91bfe8d666beb026ecb4899ec
- Size: 185KB
- MD5: fc80f9ef0d574a117c858b49141fd749
- SHA1: bd2ff87c929c24fc53d683c41cbdf90202a75f1e
- SHA256: 943870a8fa6b12305e86ece6e3c5625ead0771c91bfe8d666beb026ecb4899ec
- SHA512: d91847354c43226840bdc1ef6d4b5cfa46bee4e7105e9ad4d21ddd4b8cdfc3212f90b754874efe6a24c52164ecee9767cfcef1a2953902c4371012dcbeca8cde
- SSDEEP: 3072:DEwtf+qxF9YvcnY+xtKCS5//ojfBiQoOo3RmdJkNbNhB7jZBUm0kvlO5zxVOOAnm:jWGY0YEtbAARe3RmPibN3ZJvl8x0OAf+
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: unpack001/523beeb57c19076e7177e7a016bab52ff21ac5ecbbbafd0b8dc5c8dc5b9d5cc1.exe
Files
- 943870a8fa6b12305e86ece6e3c5625ead0771c91bfe8d666beb026ecb4899ec.zip (Password: infected)
-
523beeb57c19076e7177e7a016bab52ff21ac5ecbbbafd0b8dc5c8dc5b9d5cc1.exe.exe windows:5 windows x86 arch:x86
0af8560cfad62a70e1f6684099ea52da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
ReadConsoleA
AddConsoleAliasW
GetComputerNameW
GetTimeFormatA
GetFileAttributesExA
GetTickCount
GenerateConsoleCtrlEvent
FindNextVolumeMountPointA
GetConsoleTitleA
ReadConsoleW
GetConsoleAliasExesW
CreateDirectoryExW
GlobalAlloc
GlobalFindAtomA
LoadLibraryW
GetLocaleInfoW
ReadConsoleInputA
GetConsoleAliasW
FlushFileBuffers
InterlockedIncrement
SetLastError
GetProcAddress
VirtualAlloc
SetStdHandle
GetTempFileNameA
LoadLibraryA
WriteConsoleA
GetNumberFormatW
RemoveDirectoryW
GetModuleHandleA
GetVersionExA
GetVolumeInformationW
CreateThread
CloseHandle
SetComputerNameExA
GetConsoleAliasExesLengthA
GetLastError
CreateFileA
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapFree
WideCharToMultiByte
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
VirtualFree
HeapReAlloc
HeapCreate
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
InterlockedDecrement
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
user32
CharUpperBuffA
GetAltTabInfoA
LoadKeyboardLayoutA
GetMenu
gdi32
StretchDIBits
advapi32
RegSetValueA
Sections
.text Size: 178KB - Virtual size: 177KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 22.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ