b40fecd61638f8d0f3d210cc17402e3e67c7e6282a683ca8f5056431ad46c087

Sharing

Copy URL Twitter E-mail

General

Target

b40fecd61638f8d0f3d210cc17402e3e67c7e6282a683ca8f5056431ad46c087
Size

185KB
MD5

7f172f3581c989ff08029efd5eb83940
SHA1

362ef6541d3bf2584550dad232532b93f2dbdad4
SHA256

b40fecd61638f8d0f3d210cc17402e3e67c7e6282a683ca8f5056431ad46c087
SHA512

c23816a76459aa389559abc6888969f3353da21dc3585238a55532122e2a2d4da95c92ef028a7b06a41a3cdfb004ba08f1981bc2ff7e11e3e65d992c10be0fa1
SSDEEP

3072:LToByfCeAyD1XVcaHsCdcs7JLM34AbJcVuSijbUfEuj2TiUQBbqdtNbMt:Lqy8yRTpL7O39mU4fEQ2TlQBbqdtNw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2f956197a4d1936813be2945bd9bd2bad0c30613d5929a0826bc95e106d2714d.exe

Files

b40fecd61638f8d0f3d210cc17402e3e67c7e6282a683ca8f5056431ad46c087
.zip

Password: infected
2f956197a4d1936813be2945bd9bd2bad0c30613d5929a0826bc95e106d2714d.exe
.exe windows:5 windows x86 arch:x86

b55d52bd4fb8575e7457803bdb9b409f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumaProcessorNode
HeapAlloc
InterlockedIncrement
WaitForSingleObject
SetEvent
GetModuleHandleW
GetTickCount
FindNextVolumeMountPointA
LoadLibraryW
GetLocaleInfoW
GetFileAttributesA
HeapValidate
CreateFileW
GetConsoleOutputCP
GetLastError
GetCurrentDirectoryW
GetProcAddress
HeapSize
SetComputerNameA
GetAtomNameA
LoadLibraryA
UnhandledExceptionFilter
CreateHardLinkW
GlobalFindAtomW
CreatePipe
ConvertDefaultLocale
GetModuleFileNameA
SetConsoleTitleW
HeapSetInformation
SetCalendarInfoA
FindAtomW
ReadFile
FlushFileBuffers
HeapReAlloc
GetCommandLineA
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
DecodePointer
EncodePointer
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
EnterCriticalSection
LeaveCriticalSection
HeapFree
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
RtlUnwind
MultiByteToWideChar
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
CloseHandle

user32

GetMonitorInfoA

ole32

CoTaskMemFree

winhttp

WinHttpOpen

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

b55d52bd4fb8575e7457803bdb9b409f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

winhttp

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 147KB - Virtual size: 147KB

.data Size: 7KB - Virtual size: 1.0MB

.tls Size: 2KB - Virtual size: 2KB

.rsrc Size: 93KB - Virtual size: 92KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 147KB - Virtual size: 147KB

.data
Size: 7KB - Virtual size: 1.0MB

.tls
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 93KB - Virtual size: 92KB