2024-05-13_ff8e6ed4d1d0865b4b3ee5c012221e5e_ekans

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-13_ff8e6ed4d1d0865b4b3ee5c012221e5e_ekans
Size

4.8MB
MD5

ff8e6ed4d1d0865b4b3ee5c012221e5e
SHA1

719b4896cf8acd42bead73e6ac3d62c015c4e120
SHA256

4fc3139ce9817afc5d78a5d503084c4e9e4212948a7338fa5aeac4ca97146d0a
SHA512

97ef6ae68c14f27935c43a8420cbc606b23a9db2d9194f4a7295d548957334d0cd05fc16d7280790c447c215316294f41463f28276aadcfa53265acd032cb10a
SSDEEP

49152:ba3pE+7mItrpBntGuXzS7dJprre4AlxHIaINCGrZ4qnjNqwhRXOaqdMwzO2YWKy3:ba3pT7m8rdGuXmdPAbHI/NFZ46AYy3H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-13_ff8e6ed4d1d0865b4b3ee5c012221e5e_ekans

Files

2024-05-13_ff8e6ed4d1d0865b4b3ee5c012221e5e_ekans
.exe windows:4 windows x86 arch:x86

1e76453e927ad29c9c4277ec931c423b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupAccountSidA

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateIoCompletionPort
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetEnvironmentStringsW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatus
GetStdHandle
GetSystemInfo
InitializeCriticalSection
InterlockedDecrement
InterlockedExchangeAdd
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SwitchToThread
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteConsoleW
WriteFile

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_beginthread
_cexit
_errno
_iob
_onexit
_setmode
abort
atexit
calloc
fprintf
free
fwrite
malloc
memcpy
signal
vfprintf

winmm

timeBeginPeriod
timeEndPeriod

ws2_32

WSAGetOverlappedResult

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/61
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/73
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/87
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/99
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/112
Size: 512B - Virtual size: 31B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/123
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/134
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/148
Size: 512B - Virtual size: 34B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e76453e927ad29c9c4277ec931c423b

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

winmm

ws2_32

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.data Size: 306KB - Virtual size: 306KB

.rdata Size: 1024B - Virtual size: 740B

/4 Size: 1024B - Virtual size: 928B

.bss Size: - Virtual size: 100KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

/14 Size: 512B - Virtual size: 368B

/29 Size: 135KB - Virtual size: 135KB

/45 Size: 199KB - Virtual size: 199KB

/61 Size: 1.2MB - Virtual size: 1.2MB

/73 Size: 3KB - Virtual size: 2KB

/87 Size: 285KB - Virtual size: 284KB

/99 Size: 218KB - Virtual size: 217KB

/112 Size: 512B - Virtual size: 31B

/123 Size: 1024B - Virtual size: 532B

/134 Size: 512B - Virtual size: 24B

/148 Size: 512B - Virtual size: 34B

.text
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 306KB - Virtual size: 306KB

.rdata
Size: 1024B - Virtual size: 740B

/4
Size: 1024B - Virtual size: 928B

.bss
Size: - Virtual size: 100KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

/14
Size: 512B - Virtual size: 368B

/29
Size: 135KB - Virtual size: 135KB

/45
Size: 199KB - Virtual size: 199KB

/61
Size: 1.2MB - Virtual size: 1.2MB

/73
Size: 3KB - Virtual size: 2KB

/87
Size: 285KB - Virtual size: 284KB

/99
Size: 218KB - Virtual size: 217KB

/112
Size: 512B - Virtual size: 31B

/123
Size: 1024B - Virtual size: 532B

/134
Size: 512B - Virtual size: 24B

/148
Size: 512B - Virtual size: 34B