e8f94ec399c40e9882180fa2d6d3eaeb2955998849013bfb6d7867f0d18c8dea

Sharing

Copy URL Twitter E-mail

General

Target

e8f94ec399c40e9882180fa2d6d3eaeb2955998849013bfb6d7867f0d18c8dea
Size

124KB
MD5

f8aba579057ec1cb188469184d637eb1
SHA1

cfcdd00fb9d6d44ab0057314c34d14a0768d378d
SHA256

e8f94ec399c40e9882180fa2d6d3eaeb2955998849013bfb6d7867f0d18c8dea
SHA512

31095cb7b420904b30fd34e203e689672a877abad126b6ac7098a9963ccba4407414062bd669c3cd2b39f291e211312e0b05886cf6d5624d776ad7ed1269efd1
SSDEEP

1536:FwwuXVZa+ysaRTdQeUKT+FTHu3zw4gBvO2eKln/0qW0WjmNlkTkcsXrb:UXzaMyd7bToa0NbeKl8ANlTc+rb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e8f94ec399c40e9882180fa2d6d3eaeb2955998849013bfb6d7867f0d18c8dea

Files

e8f94ec399c40e9882180fa2d6d3eaeb2955998849013bfb6d7867f0d18c8dea
.dll windows:4 windows x86 arch:x86

07bb85ba36bcfc9cf3aeafe86842f181

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\sbroot\obj\eip\x86_nt_5_debug\eip\dk\msg\RUS\debug_obj_v7\cmbmsgod817d.pdb

Imports

kernel32

GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
ExitProcess
GetProcAddress
GetModuleHandleA
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
IsBadWritePtr
IsBadReadPtr
HeapValidate
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
WriteFile
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
UnhandledExceptionFilter
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
HeapAlloc
DebugBreak
InterlockedDecrement
OutputDebugStringA
LoadLibraryA
InterlockedIncrement
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
GetTimeFormatA
GetDateFormatA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
VirtualQuery
SetFilePointer
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
CloseHandle

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07bb85ba36bcfc9cf3aeafe86842f181

Headers

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 88KB - Virtual size: 86KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 88KB - Virtual size: 86KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB