a5e61836d4ca8f4f5fca62b50f6387cb73875a8379598ce5b0bc4c49b51f71db

Sharing

Copy URL Twitter E-mail

General

Target

a5e61836d4ca8f4f5fca62b50f6387cb73875a8379598ce5b0bc4c49b51f71db
Size

204KB
MD5

2cca0d99ef9380ae0ef68a0d053ad795
SHA1

f0aa113074b628a37ba3b29d418739c3af3b6f72
SHA256

a5e61836d4ca8f4f5fca62b50f6387cb73875a8379598ce5b0bc4c49b51f71db
SHA512

3dce3450cbae60ac07af297d39aaea1ba941f9e12db9270b7b2d81ef108e509b028baf111b65e584994145caaff08e72a4965156156a73d6b39101b2a548fae9
SSDEEP

3072:HTZvSByyTua6fPjvHFKaZPXFf8NMaE8slxgHz//x40slL1DpuzBI3r2VbSH6SLG6:HTZvHyTcAaZ1kTsoT//A5D7aYaT/PBw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2b7385aa5abdda5bbf3da3fc48215fc837b3cd15270fc618ceac03bfb5c0ddca

Files

a5e61836d4ca8f4f5fca62b50f6387cb73875a8379598ce5b0bc4c49b51f71db
.zip

Password: infected
2b7385aa5abdda5bbf3da3fc48215fc837b3cd15270fc618ceac03bfb5c0ddca
.exe windows:5 windows x86 arch:x86

af44dcafed165daab29f132f710193c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\sugun\xuyukinubo\newevegovog\jozanuh9\yuxugucoseru\g.pdb

Imports

kernel32

SearchPathW
SetInformationJobObject
lstrlenA
InterlockedDecrement
InitializeSListHead
GetSystemWindowsDirectoryW
GetProfileStringW
FlushViewOfFile
GetUserDefaultLangID
LoadLibraryW
ReadConsoleInputA
FreeConsole
GetSystemWow64DirectoryW
HeapDestroy
SetConsoleCursorPosition
GetModuleFileNameW
GetOverlappedResult
GetStartupInfoW
CreateDirectoryA
GetCPInfoExW
GetLastError
GetProcAddress
VirtualAlloc
CreateNamedPipeA
SetStdHandle
GetPrivateProfileStringA
OpenMutexA
LocalAlloc
MoveFileA
PostQueuedCompletionStatus
FindAtomA
GetPrivateProfileStructA
SetEnvironmentVariableA
WTSGetActiveConsoleSessionId
HeapSetInformation
FreeEnvironmentStringsW
GetCurrentDirectoryA
OutputDebugStringA
FindAtomW
CloseHandle
SetFilePointer
GetCommandLineA
InterlockedIncrement
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
RtlUnwind
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
GetModuleHandleW
SetLastError
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
ExitProcess
GetModuleFileNameA
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapValidate
IsBadReadPtr
HeapCreate
WriteFile
GetStringTypeW
MultiByteToWideChar
WriteConsoleW
OutputDebugStringW
LCMapStringW
HeapAlloc
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
IsProcessorFeaturePresent
RaiseException
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
CreateFileW

winhttp

WinHttpReadData

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14.3MB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

af44dcafed165daab29f132f710193c2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

winhttp

Sections

.text Size: 138KB - Virtual size: 137KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 69KB - Virtual size: 4.2MB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 14.3MB - Virtual size: 23KB

.text
Size: 138KB - Virtual size: 137KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 69KB - Virtual size: 4.2MB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 14.3MB - Virtual size: 23KB