1e904a4fd9be08d9892e2e5fbcd09ac35b3fc73bd3435ccced6433075b3ae5ef

Sharing

Copy URL Twitter E-mail

General

Target

1e904a4fd9be08d9892e2e5fbcd09ac35b3fc73bd3435ccced6433075b3ae5ef
Size

173KB
MD5

ce23fde8ef67f1252a5b67f7f1ffe7af
SHA1

72000965b41560da573818fe6c7265241fe374e0
SHA256

1e904a4fd9be08d9892e2e5fbcd09ac35b3fc73bd3435ccced6433075b3ae5ef
SHA512

d48df59125cc56999fed92f83621f7f79298d1d241d2af4b76ca4423c9d14c09d17c10ea320aa1e6b9ea32ce90d7346c52dde5b0d28231b0dc9c5cf68deac016
SSDEEP

3072:PsNug3kwlNh4eZwPYXUB9UGct6SJCC76vUi1l/Dc36lbe5dD4ZTEm45f5rOQKm6:E8g3kwZ4awPCUBot6fC76vv/Dm6lO2Tn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a1f6e1057197ed0131185f28c33e1756b83877c5c0fe5d49b98a19d8c93b9538.exe

Files

1e904a4fd9be08d9892e2e5fbcd09ac35b3fc73bd3435ccced6433075b3ae5ef
.zip

Password: infected
a1f6e1057197ed0131185f28c33e1756b83877c5c0fe5d49b98a19d8c93b9538.exe
.exe windows:5 windows x86 arch:x86

d56890d53749dde8bc65c65be68b457c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
GetCurrentProcessId
GetExitCodeThread
GetLastError
DuplicateHandle
GetTickCount
OpenMutexA
LoadLibraryA
LoadLibraryW
GetModuleFileNameW
SetEnvironmentVariableW
FindResourceA
GlobalFindAtomA
GetWindowsDirectoryW
GetCurrentDirectoryA
CreateDirectoryW
RemoveDirectoryW
CreateFileW
GetProcAddress
GetVolumeInformationW
GetVersionExA
FindNextVolumeMountPointW
GetLocaleInfoA
GetLocaleInfoW
GetNumberFormatA
EnumTimeFormatsA
ReadConsoleInputW
AttachConsole
ReadConsoleW
WriteConsoleA
AddConsoleAliasW
GetConsoleAliasesLengthW
GetConsoleAliasExesLengthA
SetEndOfFile
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetFileAttributesExA
GetStringTypeW
OutputDebugStringW
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
RaiseException
RtlUnwind
GetCommandLineA
IsProcessorFeaturePresent
HeapAlloc
HeapFree
HeapSize
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileType
GetCurrentThreadId
GetProcessHeap
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
HeapReAlloc
ReadFile

user32

CharUpperBuffW
GetClassInfoA
LoadKeyboardLayoutW
CharLowerBuffA

gdi32

SetStretchBltMode

shell32

FindExecutableA

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 186KB - Virtual size: 22.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.joc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d56890d53749dde8bc65c65be68b457c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Sections

.text Size: 90KB - Virtual size: 90KB

.data Size: 186KB - Virtual size: 22.1MB

.idata Size: 3KB - Virtual size: 2KB

.joc Size: 1024B - Virtual size: 1024B

.rsrc Size: 27KB - Virtual size: 26KB

.text
Size: 90KB - Virtual size: 90KB

.data
Size: 186KB - Virtual size: 22.1MB

.idata
Size: 3KB - Virtual size: 2KB

.joc
Size: 1024B - Virtual size: 1024B

.rsrc
Size: 27KB - Virtual size: 26KB