e044f6c67b37691b8a0748c6cb20fdb52e0b2e2a3cd5aa23e8be53ea3f78a392

Sharing

Copy URL Twitter E-mail

General

Target

e044f6c67b37691b8a0748c6cb20fdb52e0b2e2a3cd5aa23e8be53ea3f78a392
Size

79KB
MD5

a3651f36146a323c568cc2a0ede39d2f
SHA1

154f63f7d7cbb9217e39d84fb88142e26405cbf7
SHA256

e044f6c67b37691b8a0748c6cb20fdb52e0b2e2a3cd5aa23e8be53ea3f78a392
SHA512

4921d9c344f5762fa878ae33c72a8d0e1ffb893bdfe30354f0941847ca6216bb269c943722c44125c6051dbef0ee4a5a110679590f25f12df0a2357a143124f8
SSDEEP

1536:LF2B3Yh1uXfTETikSytAhsNqn7pwNqv+1UOZuhGY9DBx5y1vZ6dxW0tfphcnhc0e:QB3Yh1uXfTETikSytAhsNqn7pwNqv+1Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e044f6c67b37691b8a0748c6cb20fdb52e0b2e2a3cd5aa23e8be53ea3f78a392

Files

e044f6c67b37691b8a0748c6cb20fdb52e0b2e2a3cd5aa23e8be53ea3f78a392
.exe windows:5 windows x86 arch:x86

21df7be1f5bfc3f19ce6457e30e7afa5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

evcreate.pdb

Imports

msvcrt

strtok
wcstok
fprintf
fflush
wcstol
wcstoul
wcstod
_vsnwprintf
_fileno
_get_osfhandle
_errno
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_iob

advapi32

RegisterEventSourceW
OpenEventLogW
OpenProcessToken
GetTokenInformation
ReportEventW
DeregisterEventSource
CloseEventLog
RegConnectRegistryW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

kernel32

GetProcessHeap
HeapSize
ReadConsoleW
ReadFile
WriteConsoleW
SetConsoleMode
HeapFree
HeapReAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
ExitProcess
GetConsoleOutputCP
GetModuleFileNameW
GetComputerNameExW
SetLastError
CloseHandle
GetLastError
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
HeapAlloc
LocalFree
FormatMessageW
CompareStringA
GetThreadLocale
CompareStringW
lstrlenW
lstrlenA
GetFileType
GetStdHandle
VerifyVersionInfoW
VerSetConditionMask
GetConsoleMode

user32

LoadStringW
CharUpperW

mpr

WNetCancelConnection2W
WNetAddConnection2W
WNetGetLastErrorW

secur32

GetUserNameExW

ws2_32

WSAGetLastError
inet_addr
gethostbyaddr
WSACleanup
WSAStartup

netapi32

NetApiBufferFree
NetServerGetInfo

shlwapi

StrChrIW
StrStrIW
StrStrW
StrChrW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

21df7be1f5bfc3f19ce6457e30e7afa5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

mpr

secur32

ws2_32

netapi32

shlwapi

version

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 49KB - Virtual size: 81KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 49KB - Virtual size: 81KB