ec489a9b8c3650493c685472b5573d7213d6f024f9e312f01bc58f6d1dd407ef

Sharing

Copy URL Twitter E-mail

General

Target

ec489a9b8c3650493c685472b5573d7213d6f024f9e312f01bc58f6d1dd407ef
Size

15.1MB
MD5

09305c185172baf27dc6439c2a95cf34
SHA1

df83a24c19bf71b3bab6635a41528b523ddecfb1
SHA256

ec489a9b8c3650493c685472b5573d7213d6f024f9e312f01bc58f6d1dd407ef
SHA512

e2e13f61b15facf9896b55e3025e680f816370d42809283d88507f2925bfafda506ae559292884fedd7901a730ad5359f8c7746ebc2a391d406cddfba88a599a
SSDEEP

393216:B5brQa1DbUjuLe+Vn2zp2GVoi1G/c77OHh:B5brRD1e+Vn2FL1KAOB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec489a9b8c3650493c685472b5573d7213d6f024f9e312f01bc58f6d1dd407ef

Files

ec489a9b8c3650493c685472b5573d7213d6f024f9e312f01bc58f6d1dd407ef
.exe windows:5 windows x86 arch:x86

bb2c2e6f804cb70552867e21dd4639a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Out\PakSetup\Bin\PakSetup.pdb

Imports

kernel32

ExitProcess
CreateFileA
GetFileSize
SetFilePointer
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
WaitForSingleObject
GetTickCount
GetCurrentThread
WriteFile
InitializeCriticalSection
OpenProcess
WideCharToMultiByte
Sleep
LeaveCriticalSection
CreateProcessA
ReadFile
RaiseException
CreateDirectoryA
GetLastError
SetLastError
GetProcAddress
CopyFileA
EnterCriticalSection
SetFileAttributesA
LoadLibraryA
GetFileType
GetModuleFileNameA
GetModuleHandleA
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
CloseHandle
FileTimeToLocalFileTime
GetCurrentProcessId
DeleteFileA
CreateThread
CreateFileW
FindResourceW
FreeLibrary
LoadResource
ActivateActCtx
GetSystemDirectoryW
LoadLibraryW
SizeofResource
GetVersionExW
MultiByteToWideChar
lstrlenW
DeactivateActCtx
LockResource
lstrcpyW
GetSystemDefaultLangID
GetFullPathNameA
SearchPathW
FindFirstFileW
FreeResource
MoveFileExA
LoadLibraryExW
QueryPerformanceCounter
GlobalLock
GetModuleHandleW
GetWindowsDirectoryA
GetCommandLineA
GetSystemWow64DirectoryA
GlobalAlloc
FormatMessageW
GetFileAttributesA
GetFileAttributesW
TerminateProcess
FileTimeToSystemTime
GetModuleFileNameW
GetSystemDirectoryA
GetEnvironmentVariableA
GlobalUnlock
GetStdHandle
FindFirstFileA
GetLongPathNameA
RemoveDirectoryA
GlobalFree
FindClose
Process32FirstW
LocalAlloc
GetExitCodeThread
SetEnvironmentVariableA
Process32NextW
FindNextFileA
IsDebuggerPresent
FindNextFileW
GetCurrentDirectoryA
CreateToolhelp32Snapshot
DeleteFileW
GetFileInformationByHandle
GetTempPathA
LocalFree
MulDiv
lstrcmpW
GlobalFlags
CompareStringW
InitializeCriticalSectionAndSpinCount
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
CreateActCtxW
ReleaseActCtx
InterlockedExchange
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
lstrcmpA
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrlenA
FlushFileBuffers
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
GetFileAttributesExW
HeapFree
HeapAlloc
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
HeapQueryInformation
HeapReAlloc
HeapSize
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
SetHandleCount
SetStdHandle
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringW
WriteConsoleW

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb2c2e6f804cb70552867e21dd4639a9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 257KB - Virtual size: 256KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 51KB - Virtual size: 110KB

.rsrc Size: 35KB - Virtual size: 35KB

.text
Size: 257KB - Virtual size: 256KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 51KB - Virtual size: 110KB

.rsrc
Size: 35KB - Virtual size: 35KB