e908efc5c057ba1a4fedc8d7f4ce76c29c50d7a4f03702de8945a47a9c21b24e

Sharing

Copy URL

Twitter E-mail

General

Target

e908efc5c057ba1a4fedc8d7f4ce76c29c50d7a4f03702de8945a47a9c21b24e
Size

128KB
MD5

4fa58c8e2b43af8f4187af538e24e3ef
SHA1

fcc2a05e18c22a210596b168041f7c159833449b
SHA256

e908efc5c057ba1a4fedc8d7f4ce76c29c50d7a4f03702de8945a47a9c21b24e
SHA512

1a9a13eae50b5979adddd015bdeb25edea41676b4f1f3f8cb170a70835b5677bf230f78511c2e8f82e54163562362b38e16fb78ff14fd88ab87873d370eac744
SSDEEP

3072:9Syi8zwswtvdcY24I8S3nlJqz1W43WiNZN5zlunOxg303:cySd0U2b43Dzlunqm03

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/2496bd1f22e675f292a9176022379b39bd6c0a74ca928ca3cca4d639a66f108f.exe

Files

e908efc5c057ba1a4fedc8d7f4ce76c29c50d7a4f03702de8945a47a9c21b24e
.zip

Password: infected
2496bd1f22e675f292a9176022379b39bd6c0a74ca928ca3cca4d639a66f108f.exe
.exe windows:5 windows x86 arch:x86

d77b02f65b7bb86e8f742226786b42db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCompact
TlsGetValue
GetLocaleInfoA
GetTimeFormatA
FreeEnvironmentStringsA
GetModuleHandleW
VirtualFree
GetSystemTimes
LoadLibraryW
GetConsoleAliasExesLengthW
GetAtomNameW
GetMailslotInfo
WritePrivateProfileStringW
LCMapStringA
GetConsoleAliasesW
GetLastError
GetProcAddress
GetLongPathNameA
HeapSize
ResetEvent
LoadLibraryA
LocalAlloc
SetConsoleOutputCP
GetModuleFileNameA
CompareStringA
SetCalendarInfoA
LocalFree
HeapFree
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapCreate
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
Sleep
ExitProcess
WriteFile
GetStdHandle
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringW
GetLocaleInfoW
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d77b02f65b7bb86e8f742226786b42db

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 183KB - Virtual size: 183KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 11KB

.tls Size: 2KB - Virtual size: 2KB

.rsrc Size: 26KB - Virtual size: 25KB

.text
Size: 183KB - Virtual size: 183KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 11KB

.tls
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 26KB - Virtual size: 25KB