c75af78aee0af789556e3220005f5a1960ead0038de23208ec23d003106af521

Sharing

Copy URL

Twitter E-mail

General

Target

c75af78aee0af789556e3220005f5a1960ead0038de23208ec23d003106af521
Size

151KB
MD5

b2ade24d5ddb38b33b136289b6ba2ebc
SHA1

907814e6b029ee3d027eac0660eb18757f5fea46
SHA256

c75af78aee0af789556e3220005f5a1960ead0038de23208ec23d003106af521
SHA512

ed6d7fa24a2e0d0863a9493e53b4b930fe3b8b6d8c203a89c6ff49d77aa6624d95e0b35dafe99206be875d5b65e245491370a038d42314d288cd23e0fdb01615
SSDEEP

3072:9gG875mhlIJLNJcQVXl8v77YBP8dZgp4xPCrB12j:tdIJLNuQd2U8dZgePEH2j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/3d24879020f71f37768efb2dcd3724477b190b9f0c7f87c72edb472f81123ec5.exe

Files

c75af78aee0af789556e3220005f5a1960ead0038de23208ec23d003106af521
.zip

Password: infected
3d24879020f71f37768efb2dcd3724477b190b9f0c7f87c72edb472f81123ec5.exe
.exe windows:5 windows x86 arch:x86

d06982428050f7f06adfc753e0db3b8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\zutogupitaj\zubiracixis\kixozikamo_burom\rabebit.pdb

Imports

kernel32

GlobalSize
GetComputerNameW
GetTickCount
GetCommConfig
VirtualFree
GetConsoleAliasesLengthA
GlobalFindAtomA
LoadLibraryW
SetConsoleMode
SetComputerNameExW
InterlockedExchange
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
BackupWrite
SetComputerNameA
LoadLibraryA
GetConsoleAliasA
InterlockedExchangeAdd
LocalAlloc
CreateHardLinkW
FindFirstVolumeMountPointW
TransmitCommChar
AddAtomW
RemoveDirectoryW
QueryDosDeviceW
SetSystemTime
GetThreadPriority
GetModuleHandleA
EnumResourceLanguagesW
GetCurrentProcessId
ResetWriteWatch
SetFileAttributesW
DeleteFileA
lstrcpyA
GetStringTypeA
FindFirstChangeNotificationW
WriteConsoleOutputCharacterW
WriteConsoleA
GetComputerNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
HeapFree
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeW
GetLocaleInfoA
HeapSize
RaiseException

gdi32

GetCharABCWidthsFloatA
StrokePath

advapi32

AreAnyAccessesGranted

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d06982428050f7f06adfc753e0db3b8f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

advapi32

Sections

.text Size: 114KB - Virtual size: 114KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 4.1MB

.rsrc Size: 107KB - Virtual size: 107KB

.text
Size: 114KB - Virtual size: 114KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 4.1MB

.rsrc
Size: 107KB - Virtual size: 107KB