C:\fokugeyivapu\jixakafuzixi\soso27\sihelub.pdb
Static task
static1
Behavioral task
behavioral1
Sample
84de08f39937e8314f0080be4324f063518a90ff548b411a86e659dcf6f5da86.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
84de08f39937e8314f0080be4324f063518a90ff548b411a86e659dcf6f5da86.exe
Resource
win10-20240404-en
General
Target
84de08f39937e8314f0080be4324f063518a90ff548b411a86e659dcf6f5da86
Size
284KB
MD5
494eadb3bda4bab3dc79bd0075abbd9d
SHA1
ddae66be6ea809f57e0c4b4c8e203837c5b00084
SHA256
84de08f39937e8314f0080be4324f063518a90ff548b411a86e659dcf6f5da86
SHA512
66988ac4c872fbc3298dee0cb7e775114dfa0ff1ef5c17f3bdcac5018bef252f4bc42e6c1589831c04021397feae4e75ac5af62ba43bb6bb35af355ec8ce16b0
SSDEEP
3072:To+WNCYPV0x+HAuw5US50HTI9JqGKEliXK2bE7cnESHakml558X:sVfAuwOSmzI913+Jn+V
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 84de08f39937e8314f0080be4324f063518a90ff548b411a86e659dcf6f5da86
Files
84de08f39937e8314f0080be4324f063518a90ff548b411a86e659dcf6f5da86.exe windows:5 windows x86 arch:x86
709b53653347f07d3d3d891ff1120ab3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
InterlockedDecrement
AddConsoleAliasW
GetComputerNameW
GetFileAttributesExA
GetTickCount
FindNextVolumeMountPointA
GetNumberFormatA
EnumTimeFormatsA
GlobalAlloc
GetLocaleInfoW
ReadConsoleInputA
GetThreadSelectorEntry
GetConsoleAliasExesLengthW
WriteConsoleW
CreateDirectoryA
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
ReadConsoleA
RemoveDirectoryW
GlobalFindAtomW
SetEnvironmentVariableA
GetModuleFileNameA
GetConsoleTitleW
GetCurrentDirectoryA
DuplicateHandle
GetVersionExA
GetWindowsDirectoryW
GetCurrentProcessId
GetVolumeInformationW
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
FindResourceA
GetLocaleInfoA
InterlockedExchangeAdd
CreateFileA
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapFree
RaiseException
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
VirtualFree
HeapReAlloc
HeapCreate
GetModuleHandleW
Sleep
ExitProcess
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleA
SetFilePointer
InitializeCriticalSectionAndSpinCount
RtlUnwind
WriteConsoleA
GetConsoleOutputCP
MultiByteToWideChar
SetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
CloseHandle
user32
CharLowerBuffA
CharUpperBuffW
LoadKeyboardLayoutW
GetAltTabInfoA
UnregisterClassA
gdi32
StretchDIBits
advapi32
ReadEventLogA
shell32
FindExecutableW
winhttp
WinHttpCheckPlatform
Sections
.text Size: 164KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 76KB - Virtual size: 22.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ