27d0a2bb6100c46fbe5f98e4459b5b58ffd6c53eaa5668b64f86c4554b7ef0ec

Sharing

Copy URL Twitter E-mail

General

Target

27d0a2bb6100c46fbe5f98e4459b5b58ffd6c53eaa5668b64f86c4554b7ef0ec
Size

162KB
MD5

dd5008b449f1ce5c2d3f922c49c1cd7d
SHA1

1738c10639cba24c3ee1bd2b2e67b8fe5b561124
SHA256

27d0a2bb6100c46fbe5f98e4459b5b58ffd6c53eaa5668b64f86c4554b7ef0ec
SHA512

62ac017e61985e3e94e0b19fff8ee2fbeb0d2a94f1c9106d1f647df8c6a587b2ff4d9963a1312c1d000e459ed96adcf502a1abdc476fcc2356b235dd22738f3d
SSDEEP

3072:h3BYhY/lsc9tpAHnM76DRRRqiSBvakfJoDGXSKftB3FopVI:Iul9TAFRRcvakKGiKDFopVI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5337ee7f8aa1a26585d70bc5b2e2aacd0f3346eb638e8b80fabf6ca36df4963e.exe

Files

27d0a2bb6100c46fbe5f98e4459b5b58ffd6c53eaa5668b64f86c4554b7ef0ec
.zip

Password: infected
5337ee7f8aa1a26585d70bc5b2e2aacd0f3346eb638e8b80fabf6ca36df4963e.exe
.exe windows:5 windows x86 arch:x86

bb4ed0427869e9924833098334fcbc32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
FreeEnvironmentStringsA
GetModuleHandleW
TlsSetValue
IsProcessInJob
SetConsoleCP
LeaveCriticalSection
CreateJobObjectA
LCMapStringA
GetConsoleOutputCP
SetCurrentDirectoryA
GetLastError
SetLastError
GetProcAddress
GetLongPathNameA
CreateNamedPipeA
TryEnterCriticalSection
LoadLibraryA
OpenWaitableTimerW
LocalAlloc
AddAtomW
VirtualLock
FindNextChangeNotification
GetModuleFileNameA
lstrcmpiW
LoadLibraryExA
CreateWaitableTimerW
EraseTape
CompareStringA
EnumCalendarInfoExA
LocalFree
CopyFileExA
LocalFileTimeToFileTime
SetFileAttributesA
LocalUnlock
GetStartupInfoW
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
LCMapStringW
GetLocaleInfoW
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA

advapi32

GetAce

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 417B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xodogu
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vohom
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

bb4ed0427869e9924833098334fcbc32

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 185KB - Virtual size: 185KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 33KB - Virtual size: 37KB

.tls Size: 512B - Virtual size: 417B

.xodogu Size: 512B - Virtual size: 12B

.vohom Size: 1024B - Virtual size: 777B

.rsrc Size: 69KB - Virtual size: 1.9MB

.text
Size: 185KB - Virtual size: 185KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 33KB - Virtual size: 37KB

.tls
Size: 512B - Virtual size: 417B

.xodogu
Size: 512B - Virtual size: 12B

.vohom
Size: 1024B - Virtual size: 777B

.rsrc
Size: 69KB - Virtual size: 1.9MB