els25457[.]exe | Triage

Sharing

General

Target

els25457.exe
Size

9.7MB
MD5

f3fff0f62b6c1b5bce340c9f907e2d56
SHA1

a74c6b0aca88415b2988a773ac521f00a0e3ca36
SHA256

6f15a992543608f5d751a2c95e77b7288c77cc785de5e10d01f83a0cd7c39317
SHA512

0082b4a9b0ce335efeae69e3af9897d3d0ba567c9d8c7128f7bff39a7e94865aeb6ecefb7bac12a92fbafecbbc9617d09ae8b0070f6ce2d0d16c2665b782a0ca
SSDEEP

196608:w3xMRFTV5cGh5h60W9/jlr/iO2TwMtxfkIdVNprJwc:6x2FTPZh5Y9rd6O2TwM7hNpre

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
els25457.exe

Files

els25457.exe
.exe windows:5 windows x64 arch:x64

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

Size: 1.7MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dpubwvnr
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lbqghtga
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 270KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ