C:\jonivagupabo waruhacavimoye\tibuwobijomuze\dagimutosadabu.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2c842e8a9e3ab59cd6d22f252ac5ec9647585fd522c4df7d09422c80a9990777.exe
Resource
win7-20231129-en
General
Target: dda366bd5ed3713b174a8db1ba0a388fa41750a7185eafd97284a3e03ba8f151
Size: 739KB
MD5: 4f5b17dfceb38ea6255aaf0674538e10
SHA1: 23e991111c8baf5f4f678f9da39e51089fdd382c
SHA256: dda366bd5ed3713b174a8db1ba0a388fa41750a7185eafd97284a3e03ba8f151
SHA512: 9a8240fbc8809c9b0393a1ce2e1e7be3e047c5084c2714eec43c129f7ba4b046233b5932706d820ddac68b36b87351adeebb0882ce41594d7c7127b73fd02f44
SSDEEP: 12288:u6StDQZrq3pjdJKUDGM+m/kAZIgLYUpmszy6Ee5VaVuaETgQ1Df11UeEzi74EWlu:bSRQJqlvKUDn9ZIgUUQcaEtT/EkWlu
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/2c842e8a9e3ab59cd6d22f252ac5ec9647585fd522c4df7d09422c80a9990777.exe
Files
dda366bd5ed3713b174a8db1ba0a388fa41750a7185eafd97284a3e03ba8f151.zip
Password: infected
2c842e8a9e3ab59cd6d22f252ac5ec9647585fd522c4df7d09422c80a9990777.exe.exe windows:5 windows x86 arch:x86
9cbe07299899d36fced0522536c0d21e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
AddConsoleAliasW
GetComputerNameW
SetCommBreak
GetTickCount
GetUserDefaultLangID
AssignProcessToJobObject
WriteConsoleW
GetModuleFileNameW
SetComputerNameExW
FindNextVolumeMountPointW
CreateJobObjectA
InterlockedExchange
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
GetLogicalDriveStringsW
MoveFileA
GetNumberFormatW
RemoveDirectoryW
GlobalFindAtomW
EnumResourceTypesW
GetModuleHandleA
CreateWaitableTimerW
GetConsoleTitleW
VirtualProtect
GetFileAttributesExW
GetCurrentProcessId
UnregisterWaitEx
DeleteFileA
GetVolumeInformationW
LocalAlloc
InterlockedDecrement
CreateFileA
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapFree
WriteFile
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RaiseException
RtlUnwind
HeapAlloc
HeapReAlloc
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleA
GetConsoleOutputCP
user32
GetMenu
gdi32
GetCharABCWidthsFloatW
winhttp
WinHttpSetOption
Sections
.text Size: 741KB - Virtual size: 740KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 41KB - Virtual size: 448KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ