379ca83aa9e775151a10c620998e9bbd4a56aa8d447e8d18d9e123eeebb195b0

Sharing

Copy URL

Twitter E-mail

General

Target

379ca83aa9e775151a10c620998e9bbd4a56aa8d447e8d18d9e123eeebb195b0
Size

166KB
MD5

0e9b97c7b9a3aecc97e15c0d6ecbd3a7
SHA1

ca30b3adfd129819012e42dc5360d768c2eeed41
SHA256

379ca83aa9e775151a10c620998e9bbd4a56aa8d447e8d18d9e123eeebb195b0
SHA512

d44bcc3f77096696fab1eb1f98d712672436fd1c5d04b62b4096ce01d7decda5658b935539e3596fe853a632875e21b9b0d42b1a4e7d5d680c4fbce5caa8bdb1
SSDEEP

3072:x3Ai1t5W7coHfH09aJmLzF3KyRAsGH3PhAkqxqYGTjvRzNV73FMjEuKkYTRA8:x3AYmlcEknRWuxqYsvB37FPkYTRA8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/489f26c346d2ff193ea6802b5c23e2bfa596960d2358d10ca70c60e590f61d3e.exe

Files

379ca83aa9e775151a10c620998e9bbd4a56aa8d447e8d18d9e123eeebb195b0
.zip

Password: infected
489f26c346d2ff193ea6802b5c23e2bfa596960d2358d10ca70c60e590f61d3e.exe
.exe windows:5 windows x86 arch:x86

a8ca86a93d9814ac3826edb072ebc505

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dotag\pusu.pdb

Imports

kernel32

LoadResource
GlobalAddAtomA
EndUpdateResourceW
GetCurrentProcess
CreateJobObjectW
InterlockedCompareExchange
SignalObjectAndWait
SetComputerNameW
GetComputerNameW
GetModuleHandleW
GetTickCount
GetDateFormatA
EnumTimeFormatsW
TzSpecificLocalTimeToSystemTime
GlobalAlloc
SetFileShortNameW
GlobalFindAtomA
GetConsoleAliasExesLengthW
FormatMessageW
GetVersionExW
SetConsoleCursorPosition
CreateFileW
GetVolumePathNameA
LCMapStringA
GetConsoleAliasesW
GetLastError
SetLastError
BackupRead
TlsGetValue
GetProcAddress
VirtualAlloc
EnumDateFormatsExA
HeapUnlock
SetComputerNameA
LoadLibraryA
OpenMutexA
InterlockedExchangeAdd
CreateFileMappingA
DeleteTimerQueue
CreateFileMappingW
FindFirstVolumeMountPointW
SetThreadIdealProcessor
FoldStringW
FindFirstVolumeMountPointA
GetModuleHandleA
FindFirstChangeNotificationA
VirtualProtect
CompareStringA
GetCurrentThreadId
OpenSemaphoreW
TerminateJobObject
GetWindowsDirectoryW
lstrcpyA
GetNativeSystemInfo
ReadConsoleOutputCharacterA
GetFullPathNameA
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapSize
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
RtlUnwind
GetLocaleInfoA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

DdeQueryStringA
SetMessageExtraInfo
CharUpperW

gdi32

CreateCompatibleBitmap
SetDeviceGammaRamp

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 38.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

a8ca86a93d9814ac3826edb072ebc505

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

Sections

.text Size: 164KB - Virtual size: 163KB

.data Size: 6KB - Virtual size: 38.5MB

.rsrc Size: 136KB - Virtual size: 135KB

.text
Size: 164KB - Virtual size: 163KB

.data
Size: 6KB - Virtual size: 38.5MB

.rsrc
Size: 136KB - Virtual size: 135KB