b2ed945fc6554c9df5c0b3cfec1ad40e699f7f4512fe1d44e995585da1da1a6d

Sharing

Copy URL

Twitter E-mail

General

Target

b2ed945fc6554c9df5c0b3cfec1ad40e699f7f4512fe1d44e995585da1da1a6d
Size

152KB
MD5

d80b80c9a36383481325108c05eba8a4
SHA1

fea5f588dd64e7f909c8e60311f2d17384c2256d
SHA256

b2ed945fc6554c9df5c0b3cfec1ad40e699f7f4512fe1d44e995585da1da1a6d
SHA512

6bf7e8ec05fb2baac96bbdfa2566a8899885b0d5a35092cf8a96616fd13c169c6b40ddeaed444b146a321089f075cfaef78c67394537cff7d2873bab58fccb51
SSDEEP

3072:fjZ/um5dMMNOA8c5k4vyOePrFw736AcZCbb9sjPItwQRhekO+:bZ/umxwzc57vbePOD60vkPItTRheW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/30205eaf6f581036262bfc099dfc5cc5d0e4d771dca3d1c4cf3dada59d097672.exe

Files

b2ed945fc6554c9df5c0b3cfec1ad40e699f7f4512fe1d44e995585da1da1a6d
.zip

Password: infected
30205eaf6f581036262bfc099dfc5cc5d0e4d771dca3d1c4cf3dada59d097672.exe
.exe windows:5 windows x86 arch:x86

08fc0ef0426f847a4d643196bc40d8e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gin\nob_tejazocaxani\gubufovapisik.pdb

Imports

kernel32

CreateJobObjectW
SetComputerNameW
CreateHardLinkA
GetTickCount
GetCommConfig
VirtualFree
GetConsoleAliasesLengthA
GlobalFindAtomA
LoadLibraryW
SetConsoleMode
SetComputerNameExW
InterlockedExchange
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
BackupWrite
WriteConsoleA
GlobalSize
LocalAlloc
FindFirstVolumeMountPointW
TransmitCommChar
RemoveDirectoryW
QueryDosDeviceW
AddAtomA
SetSystemTime
GetThreadPriority
GetModuleHandleA
GetStringTypeW
EnumResourceLanguagesW
GetCurrentProcessId
ResetWriteWatch
SetFileAttributesW
DeleteFileA
lstrcpyA
GetConsoleAliasA
FindFirstChangeNotificationW
WriteConsoleOutputCharacterW
InterlockedExchangeAdd
GetComputerNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
HeapFree
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetLocaleInfoA
HeapSize
RaiseException

gdi32

GetCharABCWidthsFloatA
SetColorAdjustment

advapi32

AreAnyAccessesGranted

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

08fc0ef0426f847a4d643196bc40d8e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

advapi32

Sections

.text Size: 115KB - Virtual size: 115KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 4.1MB

.rsrc Size: 108KB - Virtual size: 107KB

.text
Size: 115KB - Virtual size: 115KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 4.1MB

.rsrc
Size: 108KB - Virtual size: 107KB