9e8dbf9478afaa9d214f9736690b049db3a51990dd2f9e57854faa04ca09b2cd

Sharing

Copy URL Twitter E-mail

General

Target

9e8dbf9478afaa9d214f9736690b049db3a51990dd2f9e57854faa04ca09b2cd
Size

206KB
MD5

f3350ed5c77618179567eda4dbb8d880
SHA1

380f23e95fe5174f79e005089e117c6b69590a11
SHA256

9e8dbf9478afaa9d214f9736690b049db3a51990dd2f9e57854faa04ca09b2cd
SHA512

f4381a1e13fc5c49c6882a14cf8f1543fc8c055df4516c6d7759b059d84ab8596b19ab55c6b204eddb67c0789bc530b70f38af8043cd8030c9b6da2bccfffc63
SSDEEP

3072:aS30bEXWu1e2OmCOveUBU41t1KebIXaawK7UoG9oFtfsDKOYd9hunPc7:qYZ1ekmUBUmZbIXaafC9oXfsDeYnPQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6f1b4d725cae2956015beba0010823c69bc1c5985bbe49ccd1ea1428c7aafee3.exe

Files

9e8dbf9478afaa9d214f9736690b049db3a51990dd2f9e57854faa04ca09b2cd
.zip

Password: infected
6f1b4d725cae2956015beba0010823c69bc1c5985bbe49ccd1ea1428c7aafee3.exe
.exe windows:5 windows x86 arch:x86

c3d91f9f06e670398306893ad7f0764c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\yed 15\suzocak88\me.pdb

Imports

kernel32

InterlockedCompareExchange
SetComputerNameW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetNumberFormatA
GetUserDefaultLangID
GlobalFindAtomA
AssignProcessToJobObject
GetSystemPowerStatus
VerifyVersionInfoA
CompareStringW
GetLogicalDriveStringsA
GetLastError
GetProcAddress
FindResourceA
MoveFileW
LoadLibraryA
WriteConsoleA
InterlockedExchangeAdd
LocalAlloc
RemoveDirectoryW
SetFileApisToANSI
QueryDosDeviceW
EnumResourceTypesW
CreateWaitableTimerW
GetConsoleTitleW
VirtualProtect
GetFileAttributesExW
DeleteFileW
GetCurrentProcessId
GetFileInformationByHandle
GetVolumeInformationW
VirtualAlloc
GetTempFileNameW
CreateFileA
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
WriteFile
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
RaiseException
RtlUnwind
HeapAlloc
HeapReAlloc
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
GetConsoleOutputCP
WriteConsoleW
SetStdHandle

gdi32

GetCharABCWidthsFloatW

winhttp

WinHttpReadData

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

c3d91f9f06e670398306893ad7f0764c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

winhttp

Sections

.text Size: 216KB - Virtual size: 216KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 20KB - Virtual size: 73KB

.rsrc Size: 33KB - Virtual size: 33KB

.text
Size: 216KB - Virtual size: 216KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 20KB - Virtual size: 73KB

.rsrc
Size: 33KB - Virtual size: 33KB