bd99f06af8514a81a68a42510f9735ee969e0572dc1b0c9c2dad88d6307eeab3

Sharing

Copy URL Twitter E-mail

General

Target

bd99f06af8514a81a68a42510f9735ee969e0572dc1b0c9c2dad88d6307eeab3
Size

150KB
MD5

033195c55cd534394dd6fdda6f46cb3b
SHA1

c2195c4a3113e29a2c05110db09a4a987f9c60b7
SHA256

bd99f06af8514a81a68a42510f9735ee969e0572dc1b0c9c2dad88d6307eeab3
SHA512

eac730ae671cd312c2b79e640d922e13c0d92fd6fc73a9b0d297753a7969e50348f3eee97a14b75f8d29e7b25eee7edc284dd0d82c6d104e1e0b68af99331f58
SSDEEP

3072:+TtydjZJOHoN+eg87sqhI7kCD8t/OCy7ASWTecEXk7SOjB/vjxk/X:+TodjrO+QqhIgCg47AEnXke6B/vtMX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/782bdfd0de0d78f62dc62dbfc64e50e0f1dbaecf04340fdd41aa2da00e0ccdbc.exe

Files

bd99f06af8514a81a68a42510f9735ee969e0572dc1b0c9c2dad88d6307eeab3
.zip

Password: infected
782bdfd0de0d78f62dc62dbfc64e50e0f1dbaecf04340fdd41aa2da00e0ccdbc.exe
.exe windows:5 windows x86 arch:x86

4696cd4eba2b1db3a82c2253e8f38d96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hefujawasotab we.pdb

Imports

kernel32

InterlockedCompareExchange
SetComputerNameW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetNumberFormatA
GetUserDefaultLangID
GlobalFindAtomA
AssignProcessToJobObject
GetSystemPowerStatus
VerifyVersionInfoA
CompareStringW
GetLogicalDriveStringsA
GetLastError
GetProcAddress
FindResourceA
MoveFileW
LoadLibraryA
WriteConsoleA
InterlockedExchangeAdd
LocalAlloc
RemoveDirectoryW
SetFileApisToANSI
QueryDosDeviceW
EnumResourceTypesW
CreateWaitableTimerW
GetConsoleTitleW
VirtualProtect
GetFileAttributesExW
DeleteFileW
GetCurrentProcessId
GetFileInformationByHandle
GetVolumeInformationW
VirtualAlloc
GetTempFileNameW
CreateFileA
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
WriteFile
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
RaiseException
RtlUnwind
HeapAlloc
HeapReAlloc
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
GetConsoleOutputCP
WriteConsoleW
SetStdHandle

gdi32

GetCharABCWidthsFloatW

winhttp

WinHttpWriteData

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

4696cd4eba2b1db3a82c2253e8f38d96

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

winhttp

Sections

.text Size: 157KB - Virtual size: 156KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 20KB - Virtual size: 73KB

.rsrc Size: 33KB - Virtual size: 33KB

.text
Size: 157KB - Virtual size: 156KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 20KB - Virtual size: 73KB

.rsrc
Size: 33KB - Virtual size: 33KB