dfd2582978abdbdecda841863142f019962cc297f5220709dde742611ac8c5b6

Sharing

Copy URL Twitter E-mail

General

Target

dfd2582978abdbdecda841863142f019962cc297f5220709dde742611ac8c5b6
Size

328KB
MD5

11deb1df9a7c30ca2cfe891a432ae04c
SHA1

3fc8af4e608d4a2661a4c909e0f5ca84d15ad49f
SHA256

dfd2582978abdbdecda841863142f019962cc297f5220709dde742611ac8c5b6
SHA512

dfdbf939cf4140c5891fd50ff54f892f75f98cf0a5d74bf931cd9c15afdb2394016de2efebb5e07d397163da1fd72d61f384fa3ddb7aa4c87edd123ef1881e09
SSDEEP

6144:B2Y5BFxsf2SDVKrd3RPiC3WngF1nPPdKT:B95BFxg2kVKrJRPiC3Wny9a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfd2582978abdbdecda841863142f019962cc297f5220709dde742611ac8c5b6

Files

dfd2582978abdbdecda841863142f019962cc297f5220709dde742611ac8c5b6
.exe windows:5 windows x86 arch:x86

0ecc0028e5c73b9490a704edc7bb7552

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesW
SetConsoleTextAttribute
WriteProcessMemory
TzSpecificLocalTimeToSystemTime
AddConsoleAliasA
LoadLibraryExW
SetComputerNameA
GetUserDefaultLangID
GetSystemDefaultLangID
IsBadStringPtrA
CreateDirectoryW
InterlockedCompareExchange
lstrcatA
GetDefaultCommConfigA
BuildCommDCBA
GetLastError
VirtualProtect
LocalAlloc
QueryInformationJobObject
FoldStringA
SetLastError
GetWindowsDirectoryW
GetNumberFormatA
GetModuleFileNameW
CreateFileW
WriteConsoleW
SetStdHandle
OpenEventA
GetProcAddress
LoadLibraryW
FindFirstVolumeMountPointW
GetACP
GetTickCount
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetCurrentThreadId
HeapSize
ExitProcess
SetFilePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetOEMCP
IsValidCodePage
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
CloseHandle

user32

LoadMenuW
CloseWindow
DrawCaption
GetUserObjectSecurity

gdi32

DeleteMetaFile
GdiComment

advapi32

ClearEventLogA
RegOpenKeyW
CloseEventLog
BackupEventLogA

winhttp

WinHttpWriteData

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 153KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lojuxe
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ecc0028e5c73b9490a704edc7bb7552

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

winhttp

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 153KB - Virtual size: 2.4MB

.lojuxe Size: 1024B - Virtual size: 1024B

.rsrc Size: 62KB - Virtual size: 62KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 153KB - Virtual size: 2.4MB

.lojuxe
Size: 1024B - Virtual size: 1024B

.rsrc
Size: 62KB - Virtual size: 62KB