01f5a1f72f3f59e7b23627dff52e6dc3d9f166b864d639d2cbe40fd8c7327ddd[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

01f5a1f72f3f59e7b23627dff52e6dc3d9f166b864d639d2cbe40fd8c7327ddd.exe
Size

828KB
MD5

de2d29373ade9c3b8b13c8ef6798ffc0
SHA1

0f4b8c0b9f0c9dbe972303a2072321d45ecc2ab8
SHA256

01f5a1f72f3f59e7b23627dff52e6dc3d9f166b864d639d2cbe40fd8c7327ddd
SHA512

6530b6cbee303621ae356e238dae6f800288609b58bf06028dc7784bf42ea7489c4713296b8988011970934c84a4cd562f1b44420531f1188e95f8534a2ed11c
SSDEEP

24576:H8R4J3kkCbtdsWhwgDaPWqimnOP8DeXXI:H8sd6lhwgDaPWqdDeo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01f5a1f72f3f59e7b23627dff52e6dc3d9f166b864d639d2cbe40fd8c7327ddd.exe

Files

01f5a1f72f3f59e7b23627dff52e6dc3d9f166b864d639d2cbe40fd8c7327ddd.exe
.exe windows:5 windows x86 arch:x86

bb5c85780accae38869d0dd0616cda73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hagimif\winekuted-xifi72 jokejul\xipe16-da.pdb

Imports

kernel32

WriteProfileSectionW
GetNumaHighestNodeNumber
FindFirstVolumeW
SetConsoleCursorInfo
HeapLock
FindFirstChangeNotificationA
WaitForMultipleObjects
GetNamedPipeHandleStateW
FileTimeToDosDateTime
EnumResourceTypesW
EnumResourceNamesW
GetTimeZoneInformation
TerminateThread
WaitForMultipleObjectsEx
GetVersionExW
VerifyVersionInfoA
GetConsoleOutputCP
SetEvent
FindNextFileW
CopyFileExA
BuildCommDCBAndTimeoutsW
GetConsoleAliasesLengthA
GetCompressedFileSizeW
ReadConsoleOutputCharacterA
SetDefaultCommConfigA
VerLanguageNameA
_hread
GetCommConfig
WritePrivateProfileStructW
FreeEnvironmentStringsW
CreateTimerQueue
FindVolumeClose
ResetWriteWatch
WriteConsoleInputA
SetWaitableTimer
SetComputerNameExA
FindAtomA
ReleaseSemaphore
LocalUnlock
CallNamedPipeW
VirtualProtect
GlobalAlloc
TlsGetValue
GetCommandLineW
InterlockedDecrement
CopyFileA
AddRefActCtx
OutputDebugStringW
FormatMessageA
GetPriorityClass
WritePrivateProfileStringA
GetUserDefaultLCID
GlobalWire
GetVersionExA
HeapValidate
GetWindowsDirectoryA
GetStartupInfoW
ConnectNamedPipe
GetLastError
GetCalendarInfoA
GetComputerNameExW
SetLastError
GetSystemWow64DirectoryW
CopyFileExW
GetCPInfoExA
GetSystemWindowsDirectoryA
ContinueDebugEvent
InterlockedIncrement
CopyFileW
GetOEMCP
GetConsoleAliasA
EnumResourceNamesA
lstrlenA
LoadLibraryW
ReadConsoleA
WriteConsoleA
GetPrivateProfileSectionNamesA
FileTimeToSystemTime
GetSystemTimeAsFileTime
EnumCalendarInfoExW
SetThreadIdealProcessor
GetConsoleAliasW
GetWindowsDirectoryW
GetProfileStringA
CreateIoCompletionPort
AllocConsole
GetNumaNodeProcessorMask
GetConsoleAliasExesLengthW
CreateMailslotW
GetCommState
LocalFileTimeToFileTime
CheckRemoteDebuggerPresent
GetSystemTimeAdjustment
_lwrite
EnumSystemLocalesW
GetConsoleAliasExesLengthA
GetWriteWatch
GetModuleHandleW
GetPrivateProfileStringA
GetProfileStringW
CreateActCtxA
GetUserDefaultLangID
IsProcessInJob
GetDevicePowerState
AreFileApisANSI
OpenWaitableTimerA
OpenFileMappingW
GetProcessHandleCount
SetUnhandledExceptionFilter
SetProcessShutdownParameters
PeekNamedPipe
FillConsoleOutputCharacterW
FindNextVolumeMountPointA
SetThreadPriority
InitAtomTable
AddAtomA
CreateFileA
WriteConsoleOutputCharacterW
InitializeCriticalSection
GetConsoleAliasExesA
GetBinaryTypeW
DebugBreak
LoadLibraryA
UnhandledExceptionFilter
DeleteFileA
RaiseException
GetCommandLineA
GetStartupInfoA
IsBadReadPtr
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
Sleep
ExitProcess
GetModuleFileNameA
WriteFile
GetStdHandle
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetCPInfo
IsValidCodePage
RtlUnwind
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointer
CloseHandle
SetStdHandle

gdi32

GetBitmapBits

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 589KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

A�Jg�uo
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bb5c85780accae38869d0dd0616cda73

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

Sections

.text Size: 180KB - Virtual size: 180KB

.data Size: 589KB - Virtual size: 1.2MB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 17KB - Virtual size: 17KB

A�Jg�uo Size: 16KB - Virtual size: 20KB

.text
Size: 180KB - Virtual size: 180KB

.data
Size: 589KB - Virtual size: 1.2MB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 17KB - Virtual size: 17KB

A�Jg�uo
Size: 16KB - Virtual size: 20KB