e2174b13537dc8234e6c932a9120ab6d5eb004dd091857a181ae9eb3df542497

Sharing

Copy URL

Twitter E-mail

General

Target

e2174b13537dc8234e6c932a9120ab6d5eb004dd091857a181ae9eb3df542497
Size

11.8MB
MD5

ade63dc75ea4fa564bf4e22305ed117d
SHA1

7f82f3e44665fc2c7c5700199f12660147d715ac
SHA256

e2174b13537dc8234e6c932a9120ab6d5eb004dd091857a181ae9eb3df542497
SHA512

8fcf2d0bb49fad3c74047339f2c34b5dfffba5646141385715466c09f2dd3dbadefff0c8af2aab16944e6bc19ddaeda079e2c0bc86f1fd1383408e4e26806690
SSDEEP

6144:0mi0ogaXSQeSb79dvDUqpTOZ2mGs2839FLP+oUe5mjXFt0/DAooooooooooooooH:S0oRXSQeE79dvDUqlOUkP9F21pt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
e2174b13537dc8234e6c932a9120ab6d5eb004dd091857a181ae9eb3df542497

Files

e2174b13537dc8234e6c932a9120ab6d5eb004dd091857a181ae9eb3df542497
.exe windows:5 windows x86 arch:x86

aeb50bff33b8a37e3f9606bcafa1d581

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VerifyVersionInfoA
IsBadWritePtr
ReplaceFileW
GetModuleFileNameW
GetThreadPriorityBoost
lstrlenW
DisconnectNamedPipe
GetCPInfoExW
FindFirstFileExA
GetProcAddress
GetLongPathNameA
PeekConsoleInputW
CopyFileA
EnumSystemCodePagesW
GlobalGetAtomNameA
SetFileAttributesA
BuildCommDCBW
LoadLibraryA
ProcessIdToSessionId
LocalAlloc
TransmitCommChar
LockResource
SetFileApisToANSI
GlobalGetAtomNameW
SetConsoleWindowInfo
GetVolumePathNamesForVolumeNameW
Module32FirstW
WaitForMultipleObjects
GlobalWire
WTSGetActiveConsoleSessionId
GetProcessAffinityMask
FindNextFileW
GetCPInfoExA
SetFileShortNameA
GetDiskFreeSpaceExW
WriteFileEx
GetWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
DeleteAtom
MoveFileWithProgressW
GetThreadTimes
FindActCtxSectionStringW
SetFileAttributesW
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileW
GetProcessHeap
SetEndOfFile
FlushFileBuffers
WritePrivateProfileStructW
lstrcpynW
GetSystemPowerStatus
GetThreadSelectorEntry
IsProcessInJob
WriteFileGather
WriteFile
ReadConsoleW
GetNumberFormatA
OutputDebugStringW
FreeEnvironmentStringsA
DosDateTimeToFileTime
GetCommProperties
GetSystemDefaultLCID
WriteConsoleInputA
QueryDosDeviceA
ScrollConsoleScreenBufferW
WriteTapemark
LoadLibraryExW
ClearCommError
HeapAlloc
GetCPInfo
lstrlenA
FindResourceA
GlobalDeleteAtom
SetCriticalSectionSpinCount
OpenJobObjectW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
DecodePointer
EncodePointer
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
MultiByteToWideChar
ReadFile
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
Sleep
FatalAppExitA
CloseHandle
CreateFileA
SetStdHandle
HeapSize
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
WriteConsoleW
LCMapStringW
GetStringTypeW
HeapReAlloc
IsValidLocale

user32

GetMonitorInfoA
UnhookWindowsHook
GetWindowLongW
GetMenuInfo
LoadCursorA
VkKeyScanExA

advapi32

AbortSystemShutdownA
GetSecurityDescriptorDacl
SetPrivateObjectSecurity
InitiateSystemShutdownW
AdjustTokenPrivileges
LookupPrivilegeDisplayNameW
MakeSelfRelativeSD
GetSecurityDescriptorSacl
ClearEventLogA
RegReplaceKeyA
EnumServicesStatusW
MakeAbsoluteSD
RegDeleteValueW
LookupAccountSidW
GetAce
OpenBackupEventLogA
RegDeleteKeyW
RegQueryInfoKeyW
RegOpenKeyW
RegQueryMultipleValuesW
OpenEventLogW
GetSidSubAuthority
RegisterEventSourceW
RegSetValueA
CreateProcessAsUserA
DestroyPrivateObjectSecurity

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 61.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11.5MB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aeb50bff33b8a37e3f9606bcafa1d581

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 165KB - Virtual size: 164KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 102KB - Virtual size: 61.3MB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 11.5MB - Virtual size: 38KB

.text
Size: 165KB - Virtual size: 164KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 102KB - Virtual size: 61.3MB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 11.5MB - Virtual size: 38KB