37a6006013b8ae6b136b4dbb44ba232de94e1bed2197a7243e9143cd3a18fffb

Sharing

Copy URL

Twitter E-mail

General

Target

37a6006013b8ae6b136b4dbb44ba232de94e1bed2197a7243e9143cd3a18fffb
Size

619KB
MD5

923286a83c76e39fe35d0206733ccfb6
SHA1

5ec5fc824b383e68605df8aca793f5d8acaae7c0
SHA256

37a6006013b8ae6b136b4dbb44ba232de94e1bed2197a7243e9143cd3a18fffb
SHA512

d3a77fa5a94d501f5a90cc9f717c0847173785d1220ec83ef21d5218b220ebaf76e3ee48ba51719b8afed5f9f8b305514ffddd4438177d8173e19760693e1f46
SSDEEP

12288:MrN2J9PuUmiJ9Z3kx80iaS/gimGwhUU0S2bmjStlPU31Vgw16vsuZ/zh:MuP5mitkxQaRiUUUqft9U31Vx6vs2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/4bb311ba0e479264b1d3c7deab5bfb44b0c1fb100d82aa7d605369b0ac938981.exe

Files

37a6006013b8ae6b136b4dbb44ba232de94e1bed2197a7243e9143cd3a18fffb
.zip

Password: infected
4bb311ba0e479264b1d3c7deab5bfb44b0c1fb100d82aa7d605369b0ac938981.exe
.exe windows:5 windows x86 arch:x86

694d481161f15a3a50297f304cce5a11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceNamesW
HeapCompact
SetEndOfFile
LocalCompact
CreateHardLinkA
GlobalAlloc
LoadLibraryW
ReadConsoleInputA
IsBadWritePtr
IsBadStringPtrA
GlobalUnlock
GetLastError
SetLastError
GetProcAddress
CreateJobSet
LoadLibraryA
SetConsoleCtrlHandler
AddAtomW
CreateEventW
HeapLock
EnumResourceTypesW
GetModuleFileNameA
GetOEMCP
GetCurrentDirectoryA
GetFileTime
GetCurrentThreadId
Module32NextW
GetDiskFreeSpaceExW
TerminateJobObject
DebugBreak
CreateFileW
WriteConsoleW
CloseHandle
FlushFileBuffers
GetConsoleMode
HeapAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
HeapFree
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
Sleep
MultiByteToWideChar
SetFilePointer
RtlUnwind
GetCPInfo
GetACP
IsValidCodePage
WideCharToMultiByte
HeapSize
HeapReAlloc
SetStdHandle
LCMapStringW
GetStringTypeW
GetConsoleCP
RaiseException

user32

GetKeyboardLayout
CharUpperBuffA
SetCursorPos
LoadMenuW
GetSysColorBrush
GetSystemMetrics
SetCaretPos
GetMessageTime

Sections

.text
Size: 637KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 147KB - Virtual size: 28.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yug
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ruwuvoh
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

694d481161f15a3a50297f304cce5a11

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 637KB - Virtual size: 636KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 147KB - Virtual size: 28.4MB

.yug Size: 1024B - Virtual size: 1024B

.ruwuvoh Size: 6KB - Virtual size: 6KB

.rsrc Size: 32KB - Virtual size: 32KB

.text
Size: 637KB - Virtual size: 636KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 147KB - Virtual size: 28.4MB

.yug
Size: 1024B - Virtual size: 1024B

.ruwuvoh
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 32KB - Virtual size: 32KB