a9c79d6a8cfcbd21d8ef5aa56036d50a393dda9e4a56c541d8c6b11253b0a485

Sharing

Copy URL

Twitter E-mail

General

Target

a9c79d6a8cfcbd21d8ef5aa56036d50a393dda9e4a56c541d8c6b11253b0a485
Size

141KB
MD5

cbe58673cf8626741486b02bd8a20860
SHA1

7b161eb00f5501a254cff39a21e64e03adb1dc75
SHA256

a9c79d6a8cfcbd21d8ef5aa56036d50a393dda9e4a56c541d8c6b11253b0a485
SHA512

0b37851324e0f953625b551b5c539c7578eafbc506ffc1fa4aad0ecace27e10fa1faa577a5101adb992bfd4cd21c6f7929ef6e01a74c4e1b0ed819d1dd02703e
SSDEEP

3072:eMFHYIn8etGOUfFK2RJZ8hCR4dMYBJMFJEE9rXF2W9rhWiPS3rKZLtCxP:DFvlGr99XZaQtYoFJEiL4MIra+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/a7c2b8d081407da5d72f12eeef21c11674ff616c89be40f73f114c292c09e6de.exe

Files

a9c79d6a8cfcbd21d8ef5aa56036d50a393dda9e4a56c541d8c6b11253b0a485
.zip

Password: infected
a7c2b8d081407da5d72f12eeef21c11674ff616c89be40f73f114c292c09e6de.exe
.exe windows:5 windows x86 arch:x86

700b0dd8274fa766006677f2cd2b64ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\koliyayibuj\telu.pdb

Imports

kernel32

QueryDosDeviceA
AddConsoleAliasW
SetCommBreak
GetSystemDefaultLCID
GetTickCount
LoadLibraryW
FatalAppExitW
FreeConsole
SetComputerNameExW
CreateJobObjectA
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
SetVolumeLabelW
ReadConsoleOutputAttribute
RemoveDirectoryA
LoadLibraryA
WriteConsoleA
LocalAlloc
FindNextChangeNotification
GlobalFindAtomW
GetModuleFileNameA
FindFirstVolumeMountPointA
GetModuleHandleA
GetFileAttributesExW
DeleteFileW
GetCurrentProcessId
MoveFileWithProgressW
DebugBreak
AreFileApisANSI
MoveFileW
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
RtlUnwind

advapi32

GetAce

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 38.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

700b0dd8274fa766006677f2cd2b64ed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 19KB - Virtual size: 38.9MB

.rsrc Size: 69KB - Virtual size: 69KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 19KB - Virtual size: 38.9MB

.rsrc
Size: 69KB - Virtual size: 69KB