0d60f1b8aec8c0e0b5b9304fb6d7af7580802f65e3b9e0de043faa54240e8dac

Sharing

Copy URL

Twitter E-mail

General

Target

0d60f1b8aec8c0e0b5b9304fb6d7af7580802f65e3b9e0de043faa54240e8dac
Size

152KB
MD5

0b1324bf98988b0fdba9a7d3fdd4c06a
SHA1

9ad3caf475e25661140cf49bcd6aa3d41a5db6b6
SHA256

0d60f1b8aec8c0e0b5b9304fb6d7af7580802f65e3b9e0de043faa54240e8dac
SHA512

4ef4e9459e56f6ef6e54bfba902cf5e04adedb3a1c42151b9ba9a9fdbfc439ff2d525b76176a68e94202ca39723fffea2c587045566e1495d25669e7223e42fb
SSDEEP

3072:U+6h6aLyDVpsdk7XBEfQtHFRhjlSdbPT0E45VuG9fNM:U+6h6RDzsiBEItljl4bwEirS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/a8905ed9ed1f5b9d74cee3da53ebc0a21af8cbcbf86504ac52f4234cc54c60e1.exe

Files

0d60f1b8aec8c0e0b5b9304fb6d7af7580802f65e3b9e0de043faa54240e8dac
.zip

Password: infected
a8905ed9ed1f5b9d74cee3da53ebc0a21af8cbcbf86504ac52f4234cc54c60e1.exe
.exe windows:5 windows x86 arch:x86

090041695468dcbe4eb2f63f21330c94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jayavejay_nohiti.pdb

Imports

kernel32

GlobalSize
CreateJobObjectW
CreateHardLinkA
GetTickCount
GetCommConfig
GlobalFindAtomA
LoadLibraryW
SetConsoleMode
EnumResourceLanguagesA
SetComputerNameExW
FlushInstructionCache
InterlockedExchange
GetLastError
SetLastError
BackupRead
GetProcAddress
VirtualAlloc
SetComputerNameA
WriteConsoleA
GetConsoleAliasA
LocalAlloc
TransmitCommChar
RemoveDirectoryW
QueryDosDeviceW
AddAtomA
SetSystemTime
FindFirstVolumeMountPointA
GetThreadPriority
GetModuleHandleA
GetStringTypeW
GetCurrentProcessId
ResetWriteWatch
SetFileAttributesW
DeleteFileA
lstrcpyA
GetConsoleAliasesLengthW
FindFirstChangeNotificationW
WriteConsoleOutputCharacterW
InterlockedExchangeAdd
GetComputerNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
HeapFree
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetLocaleInfoA
HeapSize
RaiseException

user32

CharLowerBuffW

gdi32

GetCharABCWidthsFloatA
SetColorAdjustment

advapi32

AreAnyAccessesGranted

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

090041695468dcbe4eb2f63f21330c94

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 115KB - Virtual size: 115KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 4.1MB

.rsrc Size: 108KB - Virtual size: 107KB

.text
Size: 115KB - Virtual size: 115KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 4.1MB

.rsrc
Size: 108KB - Virtual size: 107KB