0ad510cda940ae8424cb2d6b11e708f53126da5383e6013415fa16013d335232

Sharing

Copy URL

Twitter E-mail

General

Target

0ad510cda940ae8424cb2d6b11e708f53126da5383e6013415fa16013d335232
Size

147KB
MD5

b0a09657782664140acee4e7cad1e1bd
SHA1

e7f2c50a33b688fa84eec1db6834fbf7ed046a84
SHA256

0ad510cda940ae8424cb2d6b11e708f53126da5383e6013415fa16013d335232
SHA512

44dde8186a72ea89c4c9698232281f2c08dec8f0c60512284d1f1f64791aef59763da55121df136feec037e57c7d43afe82c43fe6f199572ce26ad2893f167b7
SSDEEP

3072:N8n4lIDdSiHW1bGUUOjyRJ5qw/PFS9GHHYF:NgWIDdSi6GayRvJlS96HE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/ed8e31c2fccca230c75e8246d3e31ee548af0139a1e8dfb4038fa256d362c3d3.exe

Files

0ad510cda940ae8424cb2d6b11e708f53126da5383e6013415fa16013d335232
.zip

Password: infected
ed8e31c2fccca230c75e8246d3e31ee548af0139a1e8dfb4038fa256d362c3d3.exe
.exe windows:5 windows x86 arch:x86

e8e51dea98dc7701b104446165cbe5db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLocaleInfoA
WriteConsoleInputW
WritePrivateProfileStructA
DeleteVolumeMountPointA
VerSetConditionMask
ReadConsoleA
InterlockedDecrement
ZombifyActCtx
SetDefaultCommConfigW
CreateJobObjectW
GetProfileSectionA
GetComputerNameW
MoveFileWithProgressA
FindNextVolumeMountPointA
CreateActCtxW
GlobalAlloc
TerminateThread
ReadConsoleInputA
SetConsoleCP
InterlockedPopEntrySList
GlobalFlags
WriteConsoleW
GetTimeZoneInformation
GetNamedPipeHandleStateW
GetLargestConsoleWindowSize
CreateFileA
GetLastError
GetProcAddress
PeekConsoleInputW
VerLanguageNameW
SearchPathA
GetPrivateProfileStringA
SetFileApisToOEM
OpenWaitableTimerA
LoadLibraryA
GetConsoleScreenBufferInfo
IsWow64Process
BuildCommDCBAndTimeoutsW
GetNumberFormatW
FoldStringA
GlobalFindAtomW
GetModuleHandleA
GetProcessShutdownParameters
OpenFileMappingW
GetCPInfoExA
LocalSize
GetWindowsDirectoryW
CloseHandle
SetStdHandle
FlushFileBuffers
FindFirstFileA
GetCommandLineW
WideCharToMultiByte
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapReAlloc
HeapSetInformation
GetStartupInfoW
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
IsProcessorFeaturePresent
HeapCreate
HeapSize
GetModuleHandleW
ExitProcess
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateFileW

user32

CharToOemBuffW
CharUpperW

advapi32

IsTextUnicode

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e8e51dea98dc7701b104446165cbe5db

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 192KB - Virtual size: 191KB

.data Size: 19KB - Virtual size: 3.5MB

.rsrc Size: 32KB - Virtual size: 32KB

.text
Size: 192KB - Virtual size: 191KB

.data
Size: 19KB - Virtual size: 3.5MB

.rsrc
Size: 32KB - Virtual size: 32KB