b8068e556b9e6c36a3b8328f8aa6b621e6a6234b680f6ce969152b54edc196a9

General

Target

b8068e556b9e6c36a3b8328f8aa6b621e6a6234b680f6ce969152b54edc196a9
Size

190KB
MD5

b869b969f654b618e196b22ba84c478b
SHA1

49a7bd72b261a7544544a23134993ac6776952fa
SHA256

b8068e556b9e6c36a3b8328f8aa6b621e6a6234b680f6ce969152b54edc196a9
SHA512

a94f869fa2a1f90a215921ce92aac07ae4f2fb152a927986760f2113ce45438a7000f8b3fc4cdf9eef02ee3d3f11346c6075a31c1439ca597bac3eaca5d32dec
SSDEEP

3072:cpUiLFUYkfZ0WAFy/YxCpZ+9SNVKzjNPfl8g1z6iziwMBWO5o6mX8EG45pp1qXRk:mdFkNAmgSDK59xVjiwuFIX8Dqpp1UXU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4.exe

Files

b8068e556b9e6c36a3b8328f8aa6b621e6a6234b680f6ce969152b54edc196a9
.zip

Password: infected
01ce2c3c8448bae948c37ceeb6e9631805055738b5b94b22dfa8a005ece895c4.exe
.exe windows:4 windows x86 arch:x86

e858a14f217810d78466806d95d7fceb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSizeEx
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
SetErrorMode
VirtualAlloc
VirtualFree
FreeLibrary
HeapAlloc
GetProcessHeap
GetModuleHandleA
SetLastError
VirtualProtect
IsBadReadPtr
HeapFree
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateDirectoryA
GetStartupInfoA
ReadFile
SetFilePointer
WriteFile
SetFileTime
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
LoadLibraryA
GetProcAddress
GlobalFree
GetModuleFileNameA
CloseHandle

user32

wsprintfA

advapi32

CryptDecrypt
CryptDestroyKey
CryptReleaseContext
CryptImportKey
CryptAcquireContextA

ws2_32

WSAStartup
inet_addr
WSACleanup

msvcrt

_controlfp
__set_app_type
__p__fmode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
__p__commode
strcpy
memset
strlen
memcpy
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_except_handler3
_local_unwind2
??2@YAPAXI@Z
sscanf
strcmp
__p___argv
__p___argc
strrchr
realloc
_stricmp
free
malloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
calloc
strcat
_mbsstr

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e858a14f217810d78466806d95d7fceb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

msvcrt

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 160KB - Virtual size: 158KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 160KB - Virtual size: 158KB