979a1acd102412633091d83d461d73b164155d01b8ffe6d87763e86f39c44d4e

Sharing

Copy URL Twitter E-mail

General

Target

979a1acd102412633091d83d461d73b164155d01b8ffe6d87763e86f39c44d4e
Size

3.6MB
MD5

d66cc4bcae12fa710c98489cbd315199
SHA1

5f4207d4a2772ba0da52230f14718f8b09ba4902
SHA256

979a1acd102412633091d83d461d73b164155d01b8ffe6d87763e86f39c44d4e
SHA512

9fd513beccfeec20d79c9edf4a29cf6c732e300b932c7fc76c37e099b8400cec5bea4c8195fb6a72808e0dc347546630be02532f72c9776cf00184ce41a1793b
SSDEEP

98304:GLhePR9yrgdsSM+QEwGQ9UMEOAyceZr2emOyscHN7ng2lHtcJ:mAcGQ7VrtrsOyscH3lGJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
979a1acd102412633091d83d461d73b164155d01b8ffe6d87763e86f39c44d4e

Files

979a1acd102412633091d83d461d73b164155d01b8ffe6d87763e86f39c44d4e
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

��ڼ��s��r&Q�FC�r*k�B�I�n�y��*1kmw�X�䈫� ^׫�g�՘I}5a+Ӽ< �jn�̶C�!��e��iY%/��'�t+_a>�νI��q�\6�(C�S��,mI�b�q�U�z�WT]"J��_��Z�=��O{Æ{*g踓r�إRx��ئi�v� l${��Y��4z��sy-6�swF��@.�zn|�h��]��"Q�[�sA�w��)Ă��*��%�ݕ[)q"��K~�E�{�w�=��qx��9Ȱc�<��_t�{��Ɨ�l,�9��=:��~��󁂅:�;�՗��^n�D�ʸ|�qJ�@��'�=!�)3 䱹��3��U�<r3q��\ YP;��ϔ��C}�苿��Z��S.��aT��~5�ė�?��]��N،��ES�s�]%�g��"�_�� q�@�a$ρ�]��՗4|�Vv � �}K�e� �G@�d��4N!J)��0L��ZV}�0jAc(�Ya��̀%��V�E)�FIa��I��2��)�kϒ��%��R��t�U8S�ΧY�(��n�^�6v��!�}pfҹ�.{�[��F�JRәn1��mҤB��?+�˩/0v�"D��U>l�AH��h�+�(��K��7�d+�5��[}��N�D4 �!� D<��R��n��O��G'��% Gm��` ƲQ�ل�y��k簙�H�̪��w/9YS�u�k��=�U.�X��"��V̺(�`��}Q#�O��R��&ѕi��#�Iĥ�n#N��s��X�2�� -BP� N�P7)L�hM�X;wmM|T�vl��`��&{��҉v &�z��1��G�c(�AFKUhv'�U��J��N��zB�͍A��z�:�� eW��3A�÷$�TP8��/}�Wwq�H6��d>H�K�-��z-_t �� f@hLY��:��I9��E��dqdx�F~ bG|ˀդ�a��ӹ�d�+�wZJ��G��4��#e\ޝ�L�t��|3qVҌ�{��Y�o��i�W �I,,�l��hٶN��Z��%0�|Gi��i?��"�(oڶjn��e��Ke��W�&H��KOf��Z��01�}��)�Y� ]en��hx<��i�q�mA�b�K��l`HH^揮K�y�u�Z�S�O��/c��S>g�I�Kn-`��0��<M�M&L��;�]��x[�� w��]fPFTr�V��\�h%�w@Ç��$o|O�dC㺂��y-o9�|'_�~CLnEZ$�|�]��i��ZG�!��N[�A�u��W�{y�� Y��\��c��U�!�}��&M^�p�JI�O��Ɨc�v�D.��/�Y^?��3��l�Y%�`b�y�D^V�=�Vs9u3��s�p�Ԗbu��Q��k�Ϳ"o�y��r��[�1B��F2#��;�r~��_�zv4�X#��ň��N��ؕqt�γ^� &=��7L��2�dG?��S6�<�m�n\�=�=�4YU��װEn��'��Bz��e��Jr�/�� .�|TQdj}o,<p��ʼ�c�G� ��-��V��t�� mOWl.�;��\m�T��hîk1��G��M��Vv�m�Jx�Y�R�/-4w�l#��F��!�ǼS��)�1� zR��7��4Pe��d��(:� Z��:��#��b"�υ�� ڱ�~�m�(�z�8��Q��̏P ��rk��G'!�G�)�?JT�l=ؐ��b�}*��g :�˜� �� v�ѯb�35�԰��]��baj1vTء��V٩��]�+ê�A��%��W,��a029�oA��eEe�'ņ�=YO��x��8��Ia^av9]t��e�P��L��_!��=��8�_+�$�h_�V��S�몏2='��qi��Y�@�5�"_��db[�Hg$��!||��x�_v��?�^��p�f��e�r\�[͞��QXV��b^/�O'�X�'1[��#9*Q��G.�S�`j�qCO�g�Y�nIhVy��)^�<Z�S�I��,�z�TՇ�a��4F��o�qE��K��>X>��8�~�@�Gl��֕T��w��ai��l,��!�r9`9�z �O麓�!��w��6]^�ws�K�cR��jh�Ʈ�9�G\�5#��wV��S<��Oݒk!8��+@&Q��E��*�I�ޞdGj+�?��\o��g�B�u�${�� y�<��n�4�1��Fֲ�� 衭��x��O΋��A��=��ϩݶ�m�%w��l��sO~ &1i[��P�8# ��!�0(��Ӂ�8��9�.�� "ӹ��U�"��.�%S� �Q��lW�gP�?e)�s��K�D6�up��n��3|��碹]F�<��-H߉�%#�k�o�nE�s��I�6�T'x��xR1Svn��-3��ffZ�t��io��t`Ds*�:��YR�v��Kd��/��!k��]�kfUS�b��S�~ ��y�U�vEJ�^��k��m��UJ�$K� �j�� P��7gd��A2��- <¾�#Nh��ױ�pp1Upk��^�y�/UW;0��k��DOOmz�V'�F ȣ�~r�B��I�L�� :Y�c�}��'9aG��1��{H�RR+D�_b��3�9%�C�9t��l�J��K�.�h-$1.��8�̨�I��^�$�[j�.�˶��rŜ�ء��E�Lw��C]�oJ{��M�.jb�Q��C��m��TP-L3\Y)��䞹�Ha��c��y̅.��]��A�#P}�rA�U�Y�Ӱ0�8�+~��V0&ŃTb�!5��O�;j!�>� �xkU�{a�pϧ��

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zaas0
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zaas1
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zaas2
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: - Virtual size: 1.8MB

.rdata Size: - Virtual size: 552KB

.data Size: - Virtual size: 58KB

.pdata Size: - Virtual size: 84KB

_RDATA Size: - Virtual size: 348B

.zaas0 Size: - Virtual size: 5.5MB

.zaas1 Size: 7KB - Virtual size: 6KB

.zaas2 Size: 8.2MB - Virtual size: 8.2MB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: - Virtual size: 1.8MB

.rdata
Size: - Virtual size: 552KB

.data
Size: - Virtual size: 58KB

.pdata
Size: - Virtual size: 84KB

_RDATA
Size: - Virtual size: 348B

.zaas0
Size: - Virtual size: 5.5MB

.zaas1
Size: 7KB - Virtual size: 6KB

.zaas2
Size: 8.2MB - Virtual size: 8.2MB

.rsrc
Size: 18KB - Virtual size: 18KB