30273431103f308ce653299a4e1eac13591c36532ef995d5745ecbd6351063f3

Sharing

Copy URL

Twitter E-mail

General

Target

30273431103f308ce653299a4e1eac13591c36532ef995d5745ecbd6351063f3
Size

703KB
MD5

4b554f84a3d718261ce555197d03458e
SHA1

251a775ed2089554f06e2c7f16448470df791966
SHA256

30273431103f308ce653299a4e1eac13591c36532ef995d5745ecbd6351063f3
SHA512

11a4fa160a4a7b798d08f8850e71fed9202edad612527d18783cae48242e58ec9a44003debc110f691093cb772ba433521b6fe4f9cc8f2243454867b9dfd18f5
SSDEEP

12288:rdGC1pTS3wX0R7kUcI+7lYItCFMR6NqFmMyv+:p1pTtYkUcIUYtu0My

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30273431103f308ce653299a4e1eac13591c36532ef995d5745ecbd6351063f3

Files

30273431103f308ce653299a4e1eac13591c36532ef995d5745ecbd6351063f3
.exe windows:5 windows x86 arch:x86

d97b635a6cd4f40d327695cd5edf9627

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\EPM\EPM_main\SetupUE\Release\SetupUE.pdb

Imports

kernel32

GetProcAddress
LoadLibraryA
GetVersionExW
GetTimeZoneInformation
CloseHandle
WaitForSingleObject
FreeLibrary
LocalFree
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
GetSystemInfo
CreateProcessW
GetLocaleInfoW
FlushFileBuffers
CreateFileA
GetLocaleInfoA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetStartupInfoW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapFree
HeapAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
VirtualAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

GetSystemMetrics

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyW

shell32

CommandLineToArgvW

netapi32

NetApiBufferFree
NetWkstaGetInfo

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 616KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d97b635a6cd4f40d327695cd5edf9627

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

netapi32

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 616KB - Virtual size: 620KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 616KB - Virtual size: 620KB