631e088e8d60d38b5408b10bc35a3b253aed1fafaf625ebe2d156c78d60aa9bb

Sharing

Copy URL Twitter E-mail

General

Target

631e088e8d60d38b5408b10bc35a3b253aed1fafaf625ebe2d156c78d60aa9bb
Size

139KB
MD5

361a7883fe63e363b5c2f3d77c0a7fdc
SHA1

9798362e57641e5f803d0c839420d673f18c5041
SHA256

631e088e8d60d38b5408b10bc35a3b253aed1fafaf625ebe2d156c78d60aa9bb
SHA512

6575f1fbd437e1dd6fa9c820ed664506dce1b685f37ab0f7fa01dc4199a9cc999725e15f788674e909ba36893b6cb1ac7d916ae52c7ca8b35fc36d922a356fa8
SSDEEP

3072:cbqJZreW2NNp2ZeBKQW+Z4iWri05U74eUVNYlExR:r7WDp2TQVmiECUehlExR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b1f57f9e13e75717674eeca314a042ac3e0816f17e7743c361e0be7f45bf9897.exe

Files

631e088e8d60d38b5408b10bc35a3b253aed1fafaf625ebe2d156c78d60aa9bb
.zip

Password: infected
b1f57f9e13e75717674eeca314a042ac3e0816f17e7743c361e0be7f45bf9897.exe
.exe windows:5 windows x86 arch:x86

09d0411b4f65505d70685766dbc9fb8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\zudibisig\kotuduwaja\rucika\luku.pdb

Imports

kernel32

GetConsoleAliasExesLengthA
FindResourceW
InterlockedIncrement
ReadConsoleA
InterlockedDecrement
AddConsoleAliasW
GetFileAttributesExA
GetTickCount
FindNextVolumeMountPointA
GetConsoleAliasesLengthA
GetNumberFormatA
GetWindowsDirectoryA
EnumTimeFormatsW
GlobalAlloc
GetVolumeInformationA
GlobalFindAtomA
GetLocaleInfoW
ReadConsoleInputA
GetThreadSelectorEntry
CreateDirectoryA
CreateFileA
GetLastError
GetProcAddress
VirtualAlloc
RemoveDirectoryA
LoadLibraryA
WriteConsoleA
SetEnvironmentVariableA
GetModuleFileNameA
GetConsoleTitleW
GetCurrentDirectoryA
DuplicateHandle
GetVersionExA
GetCurrentProcessId
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
OpenMutexW
GetComputerNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
RaiseException
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetModuleHandleA
SetFilePointer
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
CloseHandle
GetLocaleInfoA

user32

GetAltTabInfoA
UnregisterClassA
CharLowerBuffA
LoadKeyboardLayoutW
CharUpperBuffW

gdi32

StretchDIBits

shell32

FindExecutableW

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 22.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

09d0411b4f65505d70685766dbc9fb8a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 76KB - Virtual size: 22.0MB

.rsrc Size: 29KB - Virtual size: 29KB

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 76KB - Virtual size: 22.0MB

.rsrc
Size: 29KB - Virtual size: 29KB