23142ead1cc659c58d14dd560e6bdc0378b62a57f02b61f8f7d768afb5913700

Sharing

Copy URL Twitter E-mail

General

Target

23142ead1cc659c58d14dd560e6bdc0378b62a57f02b61f8f7d768afb5913700
Size

4.9MB
MD5

23b56e549f69b0ff6b08493edc456f45
SHA1

382dab0827cd5d697f80d44c06e65de65a02bc5f
SHA256

23142ead1cc659c58d14dd560e6bdc0378b62a57f02b61f8f7d768afb5913700
SHA512

c492349223bc719353143877ad9620e0a93016f24968e7fe46f2fc32e2890a5342c339c421cb1963d44b7639e20b7fbcb26cad7c91ed08abba536ed6f771b1bb
SSDEEP

98304:SXahhOEMXDaqCoPBdVQWELWaPCiZ2uo0tQrp+5tzzLOlhmCUuM:SXahhOEMXDaPideWCToUQrs5tzn99

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23142ead1cc659c58d14dd560e6bdc0378b62a57f02b61f8f7d768afb5913700

Files

23142ead1cc659c58d14dd560e6bdc0378b62a57f02b61f8f7d768afb5913700
.exe windows:5 windows x86 arch:x86

e17089235a31e0ad3dcd35c1660dfff0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

esent

JetRollback
JetInit
JetGetSecondaryIndexBookmark
JetCloseTable
JetTerm2

advapi32

GetTraceEnableFlags
RegCreateKeyExW
GetSidLengthRequired
RegQueryValueExW
GetLengthSid
RegCloseKey
CloseServiceHandle
RegEnumValueW
EqualSid
OpenThreadToken

kernel32

GetModuleFileNameW
FreeEnvironmentStringsW
DisableThreadLibraryCalls
TlsGetValue
HeapDestroy
HeapFree
GetLastError
DeleteCriticalSection
DeleteFileW
FindNextFileW
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetModuleHandleW
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RaiseException
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

ws2_32

htons
send
inet_addr
closesocket
WSAStartup

Sections

.text
Size: 644KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 48.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e17089235a31e0ad3dcd35c1660dfff0

Headers

File Characteristics

Imports

esent

advapi32

kernel32

ws2_32

Sections

.text Size: 644KB - Virtual size: 644KB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 1.9MB - Virtual size: 48.4MB

.rsrc Size: 363KB - Virtual size: 363KB

.text
Size: 644KB - Virtual size: 644KB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 1.9MB - Virtual size: 48.4MB

.rsrc
Size: 363KB - Virtual size: 363KB