eb09ac77a9893536ef26a72d625c5e9daec450776e63359c99b64dae68bef0fa

Sharing

Copy URL Twitter E-mail

General

Target

eb09ac77a9893536ef26a72d625c5e9daec450776e63359c99b64dae68bef0fa
Size

268KB
MD5

086471be4b6a542ca85d0a9175c5bcd4
SHA1

f2040e3018e7cc7389549d5c368b317d0ccb5ca8
SHA256

eb09ac77a9893536ef26a72d625c5e9daec450776e63359c99b64dae68bef0fa
SHA512

018fe16fba0d950fc7d252e129acd3e06928a61eedb1593ec20b57f1b57d6878a5d9d28557db0fdd681be8ccb49c643c259af8d84cfe652f4156cc5cac7edc6b
SSDEEP

3072://Bs4+4RjFezlbYbbwxNs93/7QizVYLWZzDPxHG84/FtmQ0pjx+UUJPUKR9qK+Vr://Bs68lTxWdQifF1msd8JPZvqPcO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb09ac77a9893536ef26a72d625c5e9daec450776e63359c99b64dae68bef0fa

Files

eb09ac77a9893536ef26a72d625c5e9daec450776e63359c99b64dae68bef0fa
.exe windows:5 windows x86 arch:x86

2e597c3cad65c640f86e9fb302891f6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\code\svn\trunk\build\Release\scan.pdb

Imports

rxmss

RFileEnumFirstA
MssLoadLibFile2
EncodePointer
DecodePointer
RFileEnumNext
RFileEnumClose
RApiInit
MssLoadLibFile2W

rxruntim

ValueClear
ValueInit
ValueSetType2
RoCreateInstance
ValueSet
ValueCheckType

rxffr

fmtid2name

kernel32

SetLastError
RaiseException
ReadConsoleW
ReadFile
SetEndOfFile
CreateFileW
LCMapStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
WriteConsoleW
SetFilePointerEx
SetStdHandle
SetConsoleTextAttribute
GetStdHandle
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
MultiByteToWideChar
GetLastError
LoadLibraryA
CreateMutexA
CreateEventA
WaitForSingleObject
ReleaseMutex
SetEvent
CloseHandle
GetACP
GetModuleFileNameW
GetModuleHandleW
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryA
MoveFileExA
DeleteFileA
InterlockedIncrement
InterlockedDecrement
CreateFileMappingA
HeapReAlloc
LoadLibraryW
HeapFree
HeapAlloc
SetConsoleCtrlHandler
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThreadId
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
WriteFile
HeapSize
Sleep
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetFileType
GetStartupInfoW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStringTypeW
LoadLibraryExW
OutputDebugStringW

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e597c3cad65c640f86e9fb302891f6b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rxmss

rxruntim

rxffr

kernel32

Sections

.text Size: 171KB - Virtual size: 170KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 171KB - Virtual size: 170KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 39KB - Virtual size: 39KB