48d565173a19594e28a7525b9da5553bdd08e8e0a18a976b4fbd52d08970b4e9

Sharing

Copy URL

Twitter E-mail

General

Target

48d565173a19594e28a7525b9da5553bdd08e8e0a18a976b4fbd52d08970b4e9
Size

162KB
MD5

96dd6804ba3cb016af903155f2559901
SHA1

957843a9ff5daceb63c8af69197e8714d025d4f6
SHA256

48d565173a19594e28a7525b9da5553bdd08e8e0a18a976b4fbd52d08970b4e9
SHA512

45bcc898446de4bb5338adbe1503db583975e0755a74701ba03de1d1df7cadf696accf4ca870a40d1757a38d2e8abb6382171c97f25e433d619860b1f1cdb860
SSDEEP

3072:nSoPYMGkEDviXDI6VomeFiYkteETlLNkO2E8o2CTQPExXT:dPY7VDv8fRsueETv7QPG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/53a3ddba0b75161ce2d48cfe94f0b45371f879edcbf45756da50f729b664888c.exe

Files

48d565173a19594e28a7525b9da5553bdd08e8e0a18a976b4fbd52d08970b4e9
.zip

Password: infected
53a3ddba0b75161ce2d48cfe94f0b45371f879edcbf45756da50f729b664888c.exe
.exe windows:5 windows x86 arch:x86

22d51019ef926c7d67891a16d936728c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleA
GetConsoleAliasA
CreateDirectoryW
GetFileAttributesExA
GetModuleHandleW
GetTickCount
EnumTimeFormatsW
GlobalAlloc
GetVolumeInformationA
GlobalFindAtomA
LoadLibraryW
GetSystemPowerStatus
FreeConsole
GetConsoleAliasExesLengthW
WriteConsoleW
CreateFileW
MultiByteToWideChar
FindNextVolumeMountPointW
GetLastError
GetProcAddress
InterlockedIncrement
GetExitCodeThread
GetNumberFormatW
RemoveDirectoryW
QueryDosDeviceW
GetModuleFileNameA
VirtualProtect
GetCurrentDirectoryA
GetVersionExA
GetWindowsDirectoryW
GetCurrentProcessId
ReadConsoleOutputCharacterW
CloseHandle
SetStdHandle
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
FindResourceA
GetLocaleInfoA
PeekConsoleInputW
GetEnvironmentVariableW
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
GetStringTypeW
HeapFree
HeapAlloc
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
LCMapStringW
GetProcessHeap
IsDebuggerPresent
GetStdHandle
GetFileType
ExitProcess
GetModuleHandleExW
WriteFile
GetModuleFileNameW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
GetCurrentThreadId
ReadFile
SetFilePointerEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP

user32

GetKeyboardLayoutNameA
CharUpperBuffW
DrawEdge
GetClassInfoW
CharLowerA
SetUserObjectSecurity
GetAltTabInfoW

gdi32

CreateDCA

advapi32

ReadEventLogA

winhttp

WinHttpOpen

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 149KB - Virtual size: 41.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

22d51019ef926c7d67891a16d936728c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

winhttp

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 149KB - Virtual size: 41.1MB

.rsrc Size: 69KB - Virtual size: 68KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 149KB - Virtual size: 41.1MB

.rsrc
Size: 69KB - Virtual size: 68KB