EF2D1DE8BE7B216F6983BD43D120B512A0917EBE887F30D256ECA8395CE613CC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

EF2D1DE8BE7B216F6983BD43D120B512A0917EBE887F30D256ECA8395CE613CC.exe
Size

270KB
MD5

49d7edc4f51e03058654bdaffdfe9992
SHA1

8f6831a72019f1361e1174e1dbaa00113a034618
SHA256

53bcd8239258dcbb10f9d3b6d057103c18fe3dd614c5809053426b01b741500d
SHA512

05795d5a19f24bd6a14a8942730e588d5a5ef5b186d3f65ed3821efeb9d0e29c49352867bf8d8d7bc933f3f5356b55d40dd2e39080847d564bf0c24afd7a36d7
SSDEEP

6144:SzrS9ZldfBpR/xV/tlTUEuA38xplKK9/2Y/Um4voF:ScdfBpR/xV/tuTa85K4JU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
EF2D1DE8BE7B216F6983BD43D120B512A0917EBE887F30D256ECA8395CE613CC.exe

Files

EF2D1DE8BE7B216F6983BD43D120B512A0917EBE887F30D256ECA8395CE613CC.exe
.exe windows:5 windows x86 arch:x86

0aa6e337c2cfd6bc7063b3211897b34e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gepucamu24_sipakegeluje\tawiyuwek\pufurolamusoy\xebakasajayor.pdb

Imports

kernel32

LoadLibraryA
CreateMutexW
SetLocaleInfoW
FindNextVolumeW
GetNamedPipeHandleStateA
LocalFileTimeToFileTime
EnumResourceTypesW
EnumResourceNamesA
FillConsoleOutputCharacterA
CreateTimerQueueTimer
TerminateProcess
SetLastError
SetEvent
FindNextFileW
GetCompressedFileSizeA
CopyFileExW
BuildCommDCBA
VerifyVersionInfoW
FreeResource
GetVersionExA
ReadConsoleOutputCharacterA
SetDefaultCommConfigW
VerLanguageNameW
GetCommConfig
WritePrivateProfileStructA
LocalFree
DeleteTimerQueueTimer
FindNextVolumeMountPointA
GetWriteWatch
WriteConsoleInputW
LoadResource
AddAtomW
GlobalDeleteAtom
GetThreadPriority
CallNamedPipeW
GetDriveTypeW
BuildCommDCBAndTimeoutsA
VirtualProtect
GlobalAlloc
GetVersionExW
GlobalFix
FindFirstChangeNotificationW
VerifyVersionInfoA
SearchPathW
FormatMessageW
SetDllDirectoryW
GetModuleHandleW
WritePrivateProfileStringA
GetUserDefaultLCID
TerminateThread
GlobalUnfix
SetConsoleWindowInfo
InterlockedDecrement
GetStartupInfoA
GetSystemWow64DirectoryW
CopyFileA
GetPrivateProfileIntA
SetCalendarInfoW
DebugBreak
SetConsoleCursorInfo
FreeLibraryAndExitThread
GetModuleFileNameA
SetConsoleScreenBufferSize
WaitForDebugEvent
InterlockedExchangeAdd
GetOEMCP
GetPrivateProfileStringW
CreateActCtxW
ReadConsoleInputW
OutputDebugStringW
PulseEvent
SetThreadAffinityMask
FlushConsoleInputBuffer
lstrlenA
LoadLibraryW
WriteConsoleW
GetThreadContext
FreeEnvironmentStringsA
TryEnterCriticalSection
QueryDepthSList
ConvertFiberToThread
SetProcessPriorityBoost
LockFile
FreeEnvironmentStringsW
GetConsoleCP
CreateIoCompletionPort
AllocConsole
GlobalGetAtomNameW
SetComputerNameA
GetConsoleAliasExesLengthA
CreateMailslotW
GetCommState
MoveFileWithProgressA
GetPrivateProfileIntW
GetSystemTimeAdjustment
EnumSystemLocalesW
OpenMutexA
GetLastError
WriteProfileStringA
OpenWaitableTimerW
OpenFileMappingW
GetConsoleAliasesLengthW
SetProcessShutdownParameters
FillConsoleOutputCharacterW
WriteConsoleOutputCharacterW
GetConsoleAliasExesA
GetDateFormatW
Sleep
InterlockedIncrement
GetProcAddress
ExitProcess
MoveFileA
DeleteFileA
RaiseException
GetStartupInfoW
HeapValidate
IsBadReadPtr
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
WriteFile
GetStdHandle
GetACP
GetCPInfo
IsValidCodePage
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
GetCommandLineW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
RtlUnwind
OutputDebugStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CloseHandle
CreateFileA

user32

CharUpperW

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�ʮ=�u
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0aa6e337c2cfd6bc7063b3211897b34e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 150KB - Virtual size: 149KB

.data Size: 68KB - Virtual size: 232KB

.rsrc Size: 34KB - Virtual size: 34KB

�ʮ=�u Size: 16KB - Virtual size: 20KB

.text
Size: 150KB - Virtual size: 149KB

.data
Size: 68KB - Virtual size: 232KB

.rsrc
Size: 34KB - Virtual size: 34KB

�ʮ=�u
Size: 16KB - Virtual size: 20KB