cd923ec67cb3afb2adf62d9fcaec9317c78f8169cf036139ec02f3c25ec6f380

Sharing

Copy URL Twitter E-mail

General

Target

cd923ec67cb3afb2adf62d9fcaec9317c78f8169cf036139ec02f3c25ec6f380
Size

8.0MB
MD5

f71df1efd2e42f48b74650799108a0c0
SHA1

ceaaf5a8149e7e93d6e982e4e5a267814f39ccaf
SHA256

cd923ec67cb3afb2adf62d9fcaec9317c78f8169cf036139ec02f3c25ec6f380
SHA512

0be161fb3ca690e6e56f4eab33e9b0bae8ca8b4d07ee271838ab298d54d9f3181157d28eb22629fb0fbca9044050f8af3cace7e79225b2e830a3687b70670ad2
SSDEEP

49152:Cc8Va4c+FlfuM7Iahm6ZOJ/EjeHVEUZ3RAeMX+IDOPmpYB78W4q6KVK5FH6+TX3b:cgT+FlvI6jZOJMjeH5IQaW4BKcvR3id

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd923ec67cb3afb2adf62d9fcaec9317c78f8169cf036139ec02f3c25ec6f380

Files

cd923ec67cb3afb2adf62d9fcaec9317c78f8169cf036139ec02f3c25ec6f380
.exe windows:5 windows x86 arch:x86

c5a5180b9e4ac5e6c6fa26dcdf9a20db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

debug.pdb

Imports

kernel32

SizeofResource
GetFileSizeEx
SetLastError
GetLongPathNameW
WriteFile
GetTempPathW
FindClose
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
LoadResource
FindResourceW
GetCurrentDirectoryW
SetFilePointerEx
ReadFile
MultiByteToWideChar
GetLastError
WideCharToMultiByte
GetProcAddress
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetCommandLineW
IsDebuggerPresent
VirtualQuery
VirtualProtect
GetSystemInfo
DecodePointer
HeapReAlloc
HeapSize
GetSystemTime
GetModuleHandleW
GetModuleFileNameW
GetModuleHandleExW
GetCurrentProcess
LoadLibraryExW
GetSystemDirectoryW
GetProcessHeap
HeapAlloc
CloseHandle
HeapFree
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetConsoleMode
ReadConsoleW
GetFileType
GetConsoleCP
SetStdHandle
ExitProcess
GetStdHandle
GetCommandLineA
GetACP
SetEndOfFile
WriteConsoleW
FlushFileBuffers
CompareStringW
LCMapStringW
GetStringTypeW
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
LoadLibraryExA

user32

wsprintfW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ord165

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5a5180b9e4ac5e6c6fa26dcdf9a20db

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 7KB - Virtual size: 27KB

.rsrc Size: 7.9MB - Virtual size: 7.9MB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 7KB - Virtual size: 27KB

.rsrc
Size: 7.9MB - Virtual size: 7.9MB

.reloc
Size: 6KB - Virtual size: 5KB