369b713689771a00af1406314ad546d8f5564ffc0481eb271778398950d90ca2

Sharing

Copy URL Twitter E-mail

General

Target

369b713689771a00af1406314ad546d8f5564ffc0481eb271778398950d90ca2
Size

256KB
MD5

d9fc2a617b8b4398abcc61b95f370274
SHA1

7fe7667c52c7d3b376b6a493d8bc028eb9094e91
SHA256

369b713689771a00af1406314ad546d8f5564ffc0481eb271778398950d90ca2
SHA512

66b449c1b8e83852e41a5afcdaeb40a73e01063068e50c21c8f7539af0ac9bd93f8daeaecf4f87f678f558b423fa4bfd308e84925549fdba82c4ad57a0b2f411
SSDEEP

1536:EnM4zy196OLRKxzuxmLy1iv6asYOanW8e6lWZAxgS01QCFiiVtO1:E7zy19rUuxky1msYbze6lW31QCNDO1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
369b713689771a00af1406314ad546d8f5564ffc0481eb271778398950d90ca2

Files

369b713689771a00af1406314ad546d8f5564ffc0481eb271778398950d90ca2
.exe windows:6 windows x64 arch:x64

205ca29adcb10fd67a8ab0dd121df11a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\assemblage\Builds\1288292285159619487ogcabaguqs\EasySniff-master\EasySniff\assemblage_outdir_bin\EasySniff.pdb

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep

api-ms-win-crt-runtime-l1-1-0

terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
abort
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_crt_at_quick_exit

api-ms-win-crt-string-l1-1-0

memset

vcruntime140

__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxExceptionFilter
__CxxQueryExceptionSize
__FrameUnwindFilter
__C_specific_handler
__CxxUnregisterExceptionObject

mscoree

_CorExeMain

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

205ca29adcb10fd67a8ab0dd121df11a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

vcruntime140

mscoree

Sections

.text Size: 30KB - Virtual size: 29KB

.nep Size: 1KB - Virtual size: 1KB

.rdata Size: 140KB - Virtual size: 140KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 288B

.gfids Size: 512B - Virtual size: 12B

.rsrc Size: 80KB - Virtual size: 80KB

.reloc Size: 512B - Virtual size: 24B

.text
Size: 30KB - Virtual size: 29KB

.nep
Size: 1KB - Virtual size: 1KB

.rdata
Size: 140KB - Virtual size: 140KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 288B

.gfids
Size: 512B - Virtual size: 12B

.rsrc
Size: 80KB - Virtual size: 80KB

.reloc
Size: 512B - Virtual size: 24B