e796a41db972265c40becbd20ad9d0b924858e83e288b960564bb06e5d5dc6fe

General

Target

e796a41db972265c40becbd20ad9d0b924858e83e288b960564bb06e5d5dc6fe
Size

126KB
MD5

cdfdd055f46ac83977e4173858c2bd5d
SHA1

a726910eee8986c7aa6e9750121bccd57882df75
SHA256

e796a41db972265c40becbd20ad9d0b924858e83e288b960564bb06e5d5dc6fe
SHA512

17aa88fb40df86441d7e4d4fc37b4e3ed039837fb9b67565f5ffb0e8864a45240797e86809b9675dc89c60e48421921350358aeb05d09f7c9848bb76ea4fc334
SSDEEP

3072:2JF8pWbYCA9xZxS26i/P4caUGHICZFG8Hf38zqU:2J+pWbaZxPBH6DoCTZf3tU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e796a41db972265c40becbd20ad9d0b924858e83e288b960564bb06e5d5dc6fe

Files

e796a41db972265c40becbd20ad9d0b924858e83e288b960564bb06e5d5dc6fe
.exe windows:5 windows x86 arch:x86

30e5135a0026ee0d2016bb9df0906258

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetComputerNameW
GetTickCount
GetWindowsDirectoryA
GetUserDefaultLangID
TlsSetValue
GlobalAlloc
LoadLibraryW
AssignProcessToJobObject
ReadProcessMemory
lstrcatA
GetACP
IsBadStringPtrA
GetLastError
SetLastError
GetProcAddress
SetComputerNameA
BuildCommDCBW
LoadLibraryA
InterlockedExchangeAdd
GetDiskFreeSpaceA
FoldStringW
FoldStringA
GetModuleFileNameA
FindFirstVolumeMountPointA
LoadLibraryExA
OutputDebugStringA
HeapFree
EncodePointer
DecodePointer
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapCreate
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
Sleep
HeapSize
GetModuleHandleW
ExitProcess
TlsAlloc
TlsGetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapAlloc
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetStdHandle
RtlUnwind
GetCPInfo
GetOEMCP
IsValidCodePage
CreateFileW
CloseHandle
GetStringTypeW
LCMapStringW
IsProcessorFeaturePresent

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 394KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30e5135a0026ee0d2016bb9df0906258

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 394KB - Virtual size: 450KB

.rsrc Size: 175KB - Virtual size: 175KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 394KB - Virtual size: 450KB

.rsrc
Size: 175KB - Virtual size: 175KB