ed58b876078543d65db10642b630c006a5f12246bf0c921164c4e9e4414c4bf0

General

Target

ed58b876078543d65db10642b630c006a5f12246bf0c921164c4e9e4414c4bf0
Size

14KB
MD5

b3fef432f160a972150b0d1f55d8e6e9
SHA1

63dcfd25a741217b512c83cf09199eb742ada3e8
SHA256

ed58b876078543d65db10642b630c006a5f12246bf0c921164c4e9e4414c4bf0
SHA512

d373ace83f0eb1c75c74db27322cbb2d3b532089731265666897727e6b686cafefe2abb4d1bc61f4da677b6cf01001463bc740881d812e2cc44e0c162c8463d0
SSDEEP

384:U6XxW3eTHITYFJSixB9AFwHoXu1JpN3f3p8G:UnIEY2QPoXufX3Pp8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed58b876078543d65db10642b630c006a5f12246bf0c921164c4e9e4414c4bf0

Files

ed58b876078543d65db10642b630c006a5f12246bf0c921164c4e9e4414c4bf0
.exe windows:6 windows x64 arch:x64

f6d9f7957bdd0fb8f2a0cb5ba17e5e88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CheckRemoteDebuggerPresent
GetCurrentProcess
GetModuleHandleA
GetProcAddress
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
TerminateProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
QueryPerformanceCounter

vcruntime140d

__C_specific_handler
__current_exception
__current_exception_context
memcpy

ucrtbased

_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_cexit
__p___argv
__p___argc
_set_fmode
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__setusermatherr
_set_app_type
_seh_filter_exe
exit
strlen
_c_exit

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6d9f7957bdd0fb8f2a0cb5ba17e5e88

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140d

ucrtbased

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 600B

.reloc Size: 512B - Virtual size: 52B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 600B

.reloc
Size: 512B - Virtual size: 52B