f9b2bdda5d0575c68fdc108b468e0feb3713e28a29fb00805b1bcf7328b7f27f

Sharing

Copy URL Twitter E-mail

General

Target

f9b2bdda5d0575c68fdc108b468e0feb3713e28a29fb00805b1bcf7328b7f27f
Size

143KB
MD5

3fab7b44ab2e00e140a667a5c6af02f4
SHA1

41b434dffeb40fb7fe535351e4865482545d1557
SHA256

f9b2bdda5d0575c68fdc108b468e0feb3713e28a29fb00805b1bcf7328b7f27f
SHA512

fd0faea73c6c6aa982c30a70606cc2a33ea78dbb45c2d656fb1dba6dbb2f08da9c498aa74b835e61e8a37a82fd582bcfb66ed1c80f8f7ee547a7b9111c85cbd3
SSDEEP

3072:AIdYJnbXsVW+BTiVzWmzk8f/NSpvNp77bpDJiFoIG9q9W:ddYJb8VW+pozWmzk8f/cpvH7hke6W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/18b6d9af4a2895a4fe0d00a8345fac2e2b6186a3fafb34d6bb6af4f9e3a07477.exe

Files

f9b2bdda5d0575c68fdc108b468e0feb3713e28a29fb00805b1bcf7328b7f27f
.zip

Password: infected
18b6d9af4a2895a4fe0d00a8345fac2e2b6186a3fafb34d6bb6af4f9e3a07477.exe
.exe windows:5 windows x86 arch:x86

06115774cf36cf0ea7fdd99b0e95ce6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vurageweho\cajafesihuy\timaruza_kubomu42-xanufibe62\kebasox-xudo.pdb

Imports

kernel32

GetSystemDefaultLangID
FillConsoleOutputCharacterA
FindResourceA
GetConsoleAliasesLengthW
SetComputerNameExA
InterlockedDecrement
SetComputerNameW
CreateHardLinkA
GetModuleHandleW
GetTickCount
VirtualFree
GetConsoleAliasesLengthA
LoadLibraryW
ReadConsoleInputA
FreeConsole
GetStartupInfoW
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
SetComputerNameA
LoadLibraryA
WriteConsoleA
InterlockedExchangeAdd
LocalAlloc
MoveFileA
QueryDosDeviceW
FindNextChangeNotification
GlobalFindAtomW
FindFirstVolumeMountPointA
PurgeComm
GetCurrentProcessId
DebugBreak
ReadConsoleOutputCharacterW
OpenFileMappingA
DeleteFileA
MultiByteToWideChar
Sleep
ExitProcess
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
CloseHandle
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapAlloc
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
HeapSize
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
CreateFileA
RaiseException

user32

GetWindowTextLengthA
GetKeyNameTextA

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

06115774cf36cf0ea7fdd99b0e95ce6a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 119KB - Virtual size: 118KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 19KB - Virtual size: 4.1MB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 119KB - Virtual size: 118KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 19KB - Virtual size: 4.1MB

.rsrc
Size: 80KB - Virtual size: 80KB