8d7795e565558f472cef93c4d960ba71676d4a1fd45ddd6d7912223878a8285b

Sharing

Copy URL

Twitter E-mail

General

Target

8d7795e565558f472cef93c4d960ba71676d4a1fd45ddd6d7912223878a8285b
Size

166KB
MD5

c0407a73aa3aabd7f06c0082770e70bf
SHA1

05e4d8cefffdf347af32d30cd61cf0fef6d0ff22
SHA256

8d7795e565558f472cef93c4d960ba71676d4a1fd45ddd6d7912223878a8285b
SHA512

323788b0b39c31c4ee63d8afd055a0c90f02521247438536edf8eb8ece63b160d2414c56b2457e038b5cf9c65a0b104fe7415cc851ace51eac90354594e2367a
SSDEEP

3072:Qiec6mlBLsdZFjohTmcpjDuF8/Laq5SdiG34ktnuFGs2UPIaPKVPV2GJSA:9ecXhcF4TfpQMbSd14nFGslPIZZ1b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/204063581a5aac527fc0be421097ddc37b338cedced74ca6858f88f3d31bcc51.exe

Files

8d7795e565558f472cef93c4d960ba71676d4a1fd45ddd6d7912223878a8285b
.zip

Password: infected
204063581a5aac527fc0be421097ddc37b338cedced74ca6858f88f3d31bcc51.exe
.exe windows:5 windows x86 arch:x86

99958f84824363d70f77dd17df64c197

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
CreateFileA
OpenFile
SetLocaleInfoA
WriteConsoleInputW
DeleteVolumeMountPointA
VerSetConditionMask
InterlockedDecrement
ZombifyActCtx
SetDefaultCommConfigW
CreateJobObjectW
GetProfileSectionA
MoveFileWithProgressA
FindNextVolumeMountPointA
ReadConsoleW
GetCommandLineA
CreateActCtxW
GlobalAlloc
TerminateThread
ReadConsoleInputA
SetConsoleCP
InterlockedPopEntrySList
GlobalFlags
WritePrivateProfileStructW
WriteConsoleW
GetTimeZoneInformation
GetNamedPipeHandleStateW
GetLargestConsoleWindowSize
FindFirstFileA
GetCPInfoExW
GetLastError
GetProcAddress
PeekConsoleInputW
VerLanguageNameW
SearchPathA
GetPrivateProfileStringA
SetFileApisToOEM
OpenWaitableTimerA
LoadLibraryA
GetConsoleScreenBufferInfo
IsWow64Process
BuildCommDCBAndTimeoutsW
GetNumberFormatW
FoldStringA
GlobalFindAtomW
GetModuleHandleA
GetProcessShutdownParameters
OpenFileMappingW
LocalSize
GetWindowsDirectoryW
CloseHandle
SetStdHandle
FlushFileBuffers
WideCharToMultiByte
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
IsProcessorFeaturePresent
HeapCreate
HeapSize
GetModuleHandleW
ExitProcess
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateFileW

user32

CharToOemBuffW
CharUpperW

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

99958f84824363d70f77dd17df64c197

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 191KB - Virtual size: 190KB

.data Size: 6KB - Virtual size: 3.5MB

.rsrc Size: 105KB - Virtual size: 104KB

.text
Size: 191KB - Virtual size: 190KB

.data
Size: 6KB - Virtual size: 3.5MB

.rsrc
Size: 105KB - Virtual size: 104KB