ee947da53f0d93bf60d9176504d938c587ad41178105a0690115dba2a8f7e3c5

Sharing

Copy URL Twitter E-mail

General

Target

ee947da53f0d93bf60d9176504d938c587ad41178105a0690115dba2a8f7e3c5
Size

592KB
MD5

e00c0be5c3d447f2f78616e50ff02a4b
SHA1

d6bf84f78022bd1095bcb88608b1ef2e94ae9350
SHA256

ee947da53f0d93bf60d9176504d938c587ad41178105a0690115dba2a8f7e3c5
SHA512

20ead61191de1d9e215432719f123f021475709ab845e49fb9dafed80e69bb87c9b42fb3942b3163a47cf395f92ae511ee1f70ab2fb6e5401eaa228abf5e1abd
SSDEEP

12288:1a0LBfoCsblAaIN3epT+Ud/Rio0N+G94DfPopONuFrrIZim2cg:1boCKGamepT+Uio0NR90ngO4RUAB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee947da53f0d93bf60d9176504d938c587ad41178105a0690115dba2a8f7e3c5

Files

ee947da53f0d93bf60d9176504d938c587ad41178105a0690115dba2a8f7e3c5
.dll windows:4 windows x86 arch:x86

7bbcc23451fafd8c549dacecbb42955e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\o12-dist\jun06\autocvs\ctapi3\MS_German_Release\msth3ge.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
CloseHandle
ReadFile
GetACP
GetOEMCP
SetFilePointer
ExitProcess
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
GetFullPathNameA
GetCurrentDirectoryA
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
FlushFileBuffers
CreateFileA
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

ThesaurusCheck
ThesaurusCloseLex
ThesaurusGetOptions
ThesaurusGetString
ThesaurusInit
ThesaurusOpenLex
ThesaurusSetOptions
ThesaurusTerminate
ThesaurusVersion

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bbcc23451fafd8c549dacecbb42955e

Headers

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 32KB - Virtual size: 38KB

.rsrc Size: 4KB - Virtual size: 1016B

.reloc Size: 260KB - Virtual size: 260KB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 32KB - Virtual size: 38KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 260KB - Virtual size: 260KB