adc1b56f7597be5415a70733114185919a85c8b2d3f133a861702ac7218d4ae9

Sharing

Copy URL

Twitter E-mail

General

Target

adc1b56f7597be5415a70733114185919a85c8b2d3f133a861702ac7218d4ae9
Size

160KB
MD5

bc25cb9accf644dc9d5205b4fb047cfd
SHA1

ef7225dc2ffc5fd24cac9e3ccd777adaba0dea42
SHA256

adc1b56f7597be5415a70733114185919a85c8b2d3f133a861702ac7218d4ae9
SHA512

b2cbcc61508b10039843b2d0c0a2a24af1460d6c393adb42a0724fcef34ad1887772e223135bea06670be455f2108f34aed3c914333d0568389aaf944270c5d8
SSDEEP

3072:72mm5zJMARxxGXliw9208PZ12kc5BevsdPezWzExIYJb7:6m0tMAPGXlH2DPvGbdToxIYJb7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/d44236eeb92cc872600b3d0ae889c11912c1bb08c9a0f9c1657c9e2d58466879.exe

Files

adc1b56f7597be5415a70733114185919a85c8b2d3f133a861702ac7218d4ae9
.zip

Password: infected
d44236eeb92cc872600b3d0ae889c11912c1bb08c9a0f9c1657c9e2d58466879.exe
.exe windows:5 windows x86 arch:x86

d3ecaa3ff256d295d638233f7023beb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
CreateFileA
OpenFile
SetLocaleInfoA
WriteConsoleInputW
DeleteVolumeMountPointA
VerSetConditionMask
InterlockedDecrement
ZombifyActCtx
SetDefaultCommConfigW
CreateJobObjectW
GetProfileSectionA
MoveFileWithProgressA
FindNextVolumeMountPointA
ReadConsoleW
GetCommandLineA
CreateActCtxW
GlobalAlloc
TerminateThread
ReadConsoleInputA
SetConsoleCP
InterlockedPopEntrySList
GlobalFlags
WritePrivateProfileStructW
WriteConsoleW
GetTimeZoneInformation
GetNamedPipeHandleStateW
GetLargestConsoleWindowSize
FindFirstFileA
GetCPInfoExW
GetLastError
GetProcAddress
PeekConsoleInputW
VerLanguageNameW
SearchPathA
GetPrivateProfileStringA
SetFileApisToOEM
OpenWaitableTimerA
LoadLibraryA
GetConsoleScreenBufferInfo
IsWow64Process
BuildCommDCBAndTimeoutsW
GetNumberFormatW
FoldStringA
GlobalFindAtomW
GetModuleHandleA
GetProcessShutdownParameters
OpenFileMappingW
LocalSize
GetWindowsDirectoryW
ExpandEnvironmentStringsW
CloseHandle
SetStdHandle
FlushFileBuffers
WideCharToMultiByte
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
IsProcessorFeaturePresent
HeapCreate
HeapSize
GetModuleHandleW
ExitProcess
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateFileW

user32

CharToOemBuffW
CharUpperW

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d3ecaa3ff256d295d638233f7023beb2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 192KB - Virtual size: 192KB

.data Size: 19KB - Virtual size: 3.5MB

.rsrc Size: 78KB - Virtual size: 78KB

.text
Size: 192KB - Virtual size: 192KB

.data
Size: 19KB - Virtual size: 3.5MB

.rsrc
Size: 78KB - Virtual size: 78KB