e7117b9ce842373ee3fdbfe39db5b367e7573d18f3c7d37235a2b6268617acbfN

Sharing

Copy URL Twitter E-mail

General

Target

e7117b9ce842373ee3fdbfe39db5b367e7573d18f3c7d37235a2b6268617acbfN
Size

36KB
MD5

85f7272cee40bf8c16c6174190918690
SHA1

4c0d41109e4df6932baaad2d3a0ec567d3a03ab9
SHA256

e7117b9ce842373ee3fdbfe39db5b367e7573d18f3c7d37235a2b6268617acbf
SHA512

8163d7841fa14a879651172de1592d44a77baa1dedf021d2381aab39787a200ca899e2ff8c555a4274cf0f23ac518915d4cb15e75f6be48c1f6da6d4f7aa399c
SSDEEP

768:W4/TCT7u/9RFc8yTsxMzx0msPisKl4qJnisKl4qJ:RVRKtsSN0msPisKldJnisKldJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7117b9ce842373ee3fdbfe39db5b367e7573d18f3c7d37235a2b6268617acbfN

Files

e7117b9ce842373ee3fdbfe39db5b367e7573d18f3c7d37235a2b6268617acbfN
.exe windows:6 windows x64 arch:x64

ceedd50f3a7b194927c03e7c4404686f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

quser.pdb

Imports

winsta

WinStationQueryInformationW
WinStationFreeMemory
WinStationEnumerateW
WinStationOpenServerW

utildll

GetUnknownString
StrConnectState

user32

CharToOemW
LoadStringW

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
RtlVirtualUnwind
GetDateFormatW
SetThreadUILanguage
GlobalAlloc
WideCharToMultiByte
GetTimeFormatW
FileTimeToSystemTime
GetConsoleOutputCP
GetLastError
GlobalFree
HeapSetInformation
FileTimeToLocalFileTime
FreeLibrary
GetModuleHandleW
GetSystemTimeAsFileTime
FormatMessageW
WriteConsoleW
MultiByteToWideChar
GetStdHandle
SetLastError
GetFileType
GetACP
LocalAlloc
GetOEMCP
LocalFree
GetCommandLineW
VerSetConditionMask
VerifyVersionInfoW
FindFirstFileW
GetFileAttributesW
FindClose
FindNextFileW
TerminateProcess
__chkstk
RtlCaptureContext
RtlLookupFunctionEntry
GetCurrentProcess
UnhandledExceptionFilter
LoadLibraryW

msvcrt

free
malloc
vswprintf_s
_ultoa
wcscat_s
_wcsnicmp
wcstol
iswdigit
wprintf
printf
memmove
wcstoul
fwprintf
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
vfwprintf
wcschr
wcscpy_s
_wsetlocale
setlocale
_iob
fprintf
_wcslwr
swprintf_s
_wcsdup
memset
memcpy

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�.
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ceedd50f3a7b194927c03e7c4404686f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winsta

utildll

user32

kernel32

msvcrt

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 7KB

.pdata Size: 1024B - Virtual size: 516B

.rsrc Size: 2KB - Virtual size: 1KB

�. Size: 512B - Virtual size: 124B

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 7KB

.pdata
Size: 1024B - Virtual size: 516B

.rsrc
Size: 2KB - Virtual size: 1KB

�.
Size: 512B - Virtual size: 124B