088el19l[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

088el19l.exe
Size

19.8MB
MD5

e39def1bb49d48920fab490af64b7605
SHA1

88dc1b5b2208c36411506df987abe1b3f717afae
SHA256

98306605c9c24c0f3be781702430093cce3bb2078c52cf4d511aac5014edd4ef
SHA512

2776151215f9484a3cc1a068eb8c440953aec363789c84ce2330072462e09627a02f11fdd4da95b3b6b6379511569332a7c85cf0f282f3de00297e257b158a40
SSDEEP

393216:8lOFA/WbFv8iHgtg6zSNHreRzXFIiS4bWLISyYpu+/gukfg+b/ykeB:HFA/wWggtYFreRz1G4+yEu+VOg+mkeB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
088el19l.exe

Files

088el19l.exe
.exe windows:6 windows x64 arch:x64

413d69fddde9368024fde149275cc790

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

htonl

crypt32

CryptStringToBinaryA

wldap32

ord35

normaliz

IdnToAscii

kernel32

InitializeSListHead

user32

ShowWindow

advapi32

CryptReleaseContext

msvcp140

?always_noconv@codecvt_base@std@@QEBA_NXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove

api-ms-win-crt-string-l1-1-0

strpbrk

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-stdio-l1-1-0

fputc

api-ms-win-crt-convert-l1-1-0

mbstowcs_s

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-filesystem-l1-1-0

_stat64

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

ClientDestruct
InjectableClientLog

Sections

.text
Size: - Virtual size: 503KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.:V=
Size: - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.c`N
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0U$
Size: 19.8MB - Virtual size: 19.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

413d69fddde9368024fde149275cc790

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

advapi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 503KB

.rdata Size: - Virtual size: 124KB

.data Size: - Virtual size: 4KB

.pdata Size: - Virtual size: 18KB

.:V= Size: - Virtual size: 13.1MB

.c`N Size: 512B - Virtual size: 392B

.0U$ Size: 19.8MB - Virtual size: 19.8MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 503KB

.rdata
Size: - Virtual size: 124KB

.data
Size: - Virtual size: 4KB

.pdata
Size: - Virtual size: 18KB

.:V=
Size: - Virtual size: 13.1MB

.c`N
Size: 512B - Virtual size: 392B

.0U$
Size: 19.8MB - Virtual size: 19.8MB

.rsrc
Size: 512B - Virtual size: 480B