5be88f03884a55c2b374519b82a5409fd97b6413b6e24f03a9368784eb517fd5

Sharing

Copy URL

Twitter E-mail

General

Target

5be88f03884a55c2b374519b82a5409fd97b6413b6e24f03a9368784eb517fd5
Size

45KB
MD5

b2f47ab25e0a26264eadc807d6d48381
SHA1

04ee4815c0874697dd6d10edc95f0583a02e3236
SHA256

5be88f03884a55c2b374519b82a5409fd97b6413b6e24f03a9368784eb517fd5
SHA512

25b68f50b23cdbdfdc7638389da70cf1a449308c8702a12454e9e25f75db5c5bcdccb9c8af8b52d89818a2e95cf212c04bb0452780911479db200f5cc64cb9eb
SSDEEP

768:9wyxy78ycGt0e3N32jz7SLwQgrgml+f54GAXcsPEu2owRA1WdUvBC6NM:9Dy78ycGtj2tgm7Xcscu2OWy5o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5be88f03884a55c2b374519b82a5409fd97b6413b6e24f03a9368784eb517fd5

Files

5be88f03884a55c2b374519b82a5409fd97b6413b6e24f03a9368784eb517fd5
.exe windows:5 windows x86 arch:x86

b37fee49451871e8d6750352b26c77fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

esentutl.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
_strupr
atoi
atol
fwprintf
_iob
iswascii
??2@YAPAXI@Z
??3@YAXPAX@Z
swprintf
_wctime
wprintf
wcslen
wcscpy
strchr
_fullpath
_strcmpi
_splitpath
_makepath
_getch
sprintf
exit
printf
_mbsnbcpy

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

kernel32

SetEvent
ReadFile
InterlockedIncrement
SetThreadAffinityMask
GetCurrentThread
GetSystemInfo
GetQueuedCompletionStatus
SetThreadPriorityBoost
VirtualFree
WaitForSingleObjectEx
CreateEventW
VirtualAlloc
GetFileSize
CreateThread
GetProcAddress
LoadLibraryExA
GetLastError
FormatMessageA
GetTickCount
GetModuleHandleA
CopyFileA
MoveFileA
DeleteFileA
MoveFileExA
FindClose
FindFirstFileA
CloseHandle
GetCurrentProcess
MultiByteToWideChar
LocalFree
FormatMessageW
LoadLibraryA
FreeLibrary
GetComputerNameA
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateIoCompletionPort
CreateFileW
LocalAlloc

user32

MessageBoxA

esent

JetRestore2
JetBackup
JetEndSession
JetDBUtilities
JetDetachDatabase
JetBeginSession
JetCompact
JetGetSystemParameter
JetSetSystemParameter
JetTerm2
JetInit2
JetInit
JetGetDatabaseFileInfo
JetAttachDatabaseWithStreaming
JetOpenDatabase
JetCloseDatabase
JetTerm
JetOpenTable
JetGetTableColumnInfo
JetCloseTable
JetMove
JetRetrieveColumns

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b37fee49451871e8d6750352b26c77fc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

esent

Sections

.text Size: 42KB - Virtual size: 41KB

.data Size: 512B - Virtual size: 97KB

.rsrc Size: 2KB - Virtual size: 66KB

.text
Size: 42KB - Virtual size: 41KB

.data
Size: 512B - Virtual size: 97KB

.rsrc
Size: 2KB - Virtual size: 66KB