ff88d66b924049cdb5c3ddd688cbc999637749e114453e8b788ba90669946410

Sharing

Copy URL

Twitter E-mail

General

Target

ff88d66b924049cdb5c3ddd688cbc999637749e114453e8b788ba90669946410
Size

4.4MB
MD5

e6d890a78b62392efffb3fb7832615c0
SHA1

e134941f6c20236e8067962667949f5eccdf75ed
SHA256

ff88d66b924049cdb5c3ddd688cbc999637749e114453e8b788ba90669946410
SHA512

5b8999d7a19da53ab282954324a9a76c6a3a5947a3a40d6115ff7a555097dc1c792b803ebbd633cbad82cec7ee550aefd3b09bc6fdfec993307ea9a3bfef5325
SSDEEP

98304:RB3T1Ave8k85dvm+nVk9yoErNGmKq6v6tF2gXytIn9TAhl1ic:rOe8d3xVXD/K76z2FtG9TAhl1

Score

1^/10

Malware Config

Signatures

Files

ff88d66b924049cdb5c3ddd688cbc999637749e114453e8b788ba90669946410
.exe windows:5 windows x86 arch:x86

0e505561e4a7cf571623e5bc39a38b30

Code Sign

28:67:14:7f:4d:c7:48:ec:fb:78:78:c7:a9:fd:89:73
Certificate

Issuer

POSTALCODE=10091

Not Before

04-07-2021 13:23

Not After

04-07-2022 13:23

Subject

POSTALCODE=10091

ff:2b:e8:f1:52:82:3e:bd:44:ac:1e:9b:26:41:79:b5:05:f6:9f:50:a1:34:ce:a2:6b:3f:c4:aa:04:08:3e:6d
Signer

Actual PE Digest

ff:2b:e8:f1:52:82:3e:bd:44:ac:1e:9b:26:41:79:b5:05:f6:9f:50:a1:34:ce:a2:6b:3f:c4:aa:04:08:3e:6d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vawadicalaz\yopepicaf.pdb

Imports

kernel32

GetConsoleAliasesA
OpenEventW
HeapAlloc
GetUserDefaultLangID
GetGeoInfoW
VirtualProtect
LocalAlloc
HeapUnlock
WriteConsoleInputW
CreateMutexA
ReleaseMutex
GetAtomNameA
CreateJobObjectW
GetTempPathA
GetProcessHeap
CompareStringA
GetACP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetLastError
HeapReAlloc
GetCommandLineA
GetStartupInfoA
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapCreate
VirtualFree
VirtualAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSize
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
LoadLibraryA
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

advapi32

BackupEventLogW

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e505561e4a7cf571623e5bc39a38b30

Code Sign

28:67:14:7f:4d:c7:48:ec:fb:78:78:c7:a9:fd:89:73Certificate

ff:2b:e8:f1:52:82:3e:bd:44:ac:1e:9b:26:41:79:b5:05:f6:9f:50:a1:34:ce:a2:6b:3f:c4:aa:04:08:3e:6dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.data Size: 54KB - Virtual size: 1.7MB

.rsrc Size: 26KB - Virtual size: 3.2MB

.reloc Size: 21KB - Virtual size: 20KB

28:67:14:7f:4d:c7:48:ec:fb:78:78:c7:a9:fd:89:73
Certificate

ff:2b:e8:f1:52:82:3e:bd:44:ac:1e:9b:26:41:79:b5:05:f6:9f:50:a1:34:ce:a2:6b:3f:c4:aa:04:08:3e:6d
Signer

.text
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 54KB - Virtual size: 1.7MB

.rsrc
Size: 26KB - Virtual size: 3.2MB

.reloc
Size: 21KB - Virtual size: 20KB