5cf2924b8575066f7a4c1cbc4195510745c684f250eaf85bf225027d982b86f4

Sharing

Copy URL

Twitter E-mail

General

Target

5cf2924b8575066f7a4c1cbc4195510745c684f250eaf85bf225027d982b86f4
Size

148KB
MD5

2ffeae1cade8986f86e86e6783db0bca
SHA1

ba8e6509089ff07ee4c5221695830822d203bfbe
SHA256

5cf2924b8575066f7a4c1cbc4195510745c684f250eaf85bf225027d982b86f4
SHA512

ff3bb1422b6a786eaa13a5d174b42e1104317270b7d1f57cd0b4004e479e2b99ca5515dfb2860628d48eb8d0d679cbebb103f255d7faeca95ab4d02ceb970c45
SSDEEP

3072:xU8CgQZ+sCpqOi3GlULAO+a1Fpsla8eKEtpse8Ub1UhQ9T3xPK:ut+T9SLLAMIla8eKEr38dhQ9ThPK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/58892f621a5b05339536004b2102cac88ea63b2148b784ea7a4745c27633444b.exe

Files

5cf2924b8575066f7a4c1cbc4195510745c684f250eaf85bf225027d982b86f4
.zip

Password: infected
58892f621a5b05339536004b2102cac88ea63b2148b784ea7a4745c27633444b.exe
.exe windows:5 windows x86 arch:x86

e8e51dea98dc7701b104446165cbe5db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLocaleInfoA
WriteConsoleInputW
WritePrivateProfileStructA
DeleteVolumeMountPointA
VerSetConditionMask
ReadConsoleA
InterlockedDecrement
ZombifyActCtx
SetDefaultCommConfigW
CreateJobObjectW
GetProfileSectionA
GetComputerNameW
MoveFileWithProgressA
FindNextVolumeMountPointA
CreateActCtxW
GlobalAlloc
TerminateThread
ReadConsoleInputA
SetConsoleCP
InterlockedPopEntrySList
GlobalFlags
WriteConsoleW
GetTimeZoneInformation
GetNamedPipeHandleStateW
GetLargestConsoleWindowSize
CreateFileA
GetLastError
GetProcAddress
PeekConsoleInputW
VerLanguageNameW
SearchPathA
GetPrivateProfileStringA
SetFileApisToOEM
OpenWaitableTimerA
LoadLibraryA
GetConsoleScreenBufferInfo
IsWow64Process
BuildCommDCBAndTimeoutsW
GetNumberFormatW
FoldStringA
GlobalFindAtomW
GetModuleHandleA
GetProcessShutdownParameters
OpenFileMappingW
GetCPInfoExA
LocalSize
GetWindowsDirectoryW
CloseHandle
SetStdHandle
FlushFileBuffers
FindFirstFileA
GetCommandLineW
WideCharToMultiByte
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapReAlloc
HeapSetInformation
GetStartupInfoW
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
IsProcessorFeaturePresent
HeapCreate
HeapSize
GetModuleHandleW
ExitProcess
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateFileW

user32

CharToOemBuffW
CharUpperW

advapi32

IsTextUnicode

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e8e51dea98dc7701b104446165cbe5db

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 192KB - Virtual size: 191KB

.data Size: 19KB - Virtual size: 3.5MB

.rsrc Size: 32KB - Virtual size: 32KB

.text
Size: 192KB - Virtual size: 191KB

.data
Size: 19KB - Virtual size: 3.5MB

.rsrc
Size: 32KB - Virtual size: 32KB