ea8a0a8a7487db56b60106b6e31fa55ca9a110b3631082a5a6cc28cfe756e4d1N

Sharing

Copy URL Twitter E-mail

General

Target

ea8a0a8a7487db56b60106b6e31fa55ca9a110b3631082a5a6cc28cfe756e4d1N
Size

3.4MB
MD5

2ed75ec84f81015cc6f295923358d8d0
SHA1

d1e47c722073c7cd551687b3eb9907180da25c3e
SHA256

ea8a0a8a7487db56b60106b6e31fa55ca9a110b3631082a5a6cc28cfe756e4d1
SHA512

c178613f1fdd0601c653de792f9c9b0f6d4d735444329dd850475b3d815d04219c4aef419100736655995de95c771fe9617463b2e9c230fa67b52236b875caa4
SSDEEP

24576:l2+11UXekrQNDSDLSmFnWZNP5NgdogZNPrVcTi90o/RXU3I1mcqueGqNOkyadNXa:l2+1bM6DS/BnWjR6doae/yge

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea8a0a8a7487db56b60106b6e31fa55ca9a110b3631082a5a6cc28cfe756e4d1N

Files

ea8a0a8a7487db56b60106b6e31fa55ca9a110b3631082a5a6cc28cfe756e4d1N
.exe windows:6 windows x86 arch:x86

ee2ef42d332fc376f1d3e0ebdf8162bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
ConvertFiberToThread
LocalFlags
DeleteVolumeMountPointW
ReleaseSemaphoreWhenCallbackReturns
GetProcessPriorityBoost
IsValidLocaleName
CreateMailslotW
AllocConsole
FlushFileBuffers
CreateFileW
CloseHandle
GetConsoleMode
GetConsoleOutputCP
HeapSize
SetFilePointerEx
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetACP
GetModuleHandleW
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
HeapReAlloc
GetNumaAvailableMemoryNode
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
HeapFree
HeapAlloc
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
SetFileApisToOEM
GetTimeFormatW
FlushConsoleInputBuffer
GetConsoleOriginalTitleW
HeapSetInformation
QueryProcessCycleTime
GetThreadPriority
lstrcatW
GetNumaNodeProcessorMask
GlobalSize
TzSpecificLocalTimeToSystemTime
MoveFileWithProgressW
SetConsoleScreenBufferInfoEx
Sleep
IsValidCodePage
Wow64EnableWow64FsRedirection
TlsSetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
WriteConsoleW
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
PurgeComm
HeapLock
VirtualAlloc
GetCurrentProcess
GetSystemDefaultLCID
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
EraseTape
CreateTimerQueueTimer
IsBadWritePtr
StartThreadpoolIo
CloseThreadpool
GetOEMCP
EnumSystemLocalesW
ReadFile
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent

user32

EnableWindow
BeginPaint
SetForegroundWindow
UpdateWindow
FindWindowA
DdeFreeStringHandle
SetDlgItemInt
CharLowerBuffW
MenuItemFromPoint
EndDeferWindowPos
SetCapture
SendNotifyMessageW
DrawAnimatedRects
EnumDesktopsW
ModifyMenuW
LoadMenuW
LogicalToPhysicalPoint
DdeAccessData
GetMenu
GetDC
SetWindowPos
EqualRect
GetMenuItemCount
GetSystemMetrics
ArrangeIconicWindows
PrivateExtractIconsW
IsWindow
OffsetRect
RedrawWindow
DdeConnect
SetCaretBlinkTime
CharPrevW
GetLayeredWindowAttributes
GetWindowTextA
CreateCaret
GetWindowLongA
CountClipboardFormats
InternalGetWindowText
FrameRect
DdeDisconnectList
wvsprintfA
CreateIcon
DestroyMenu

gdi32

GdiSetBatchLimit
Pie
GetWindowExtEx
GetBkMode
CreateCompatibleDC
GetTextCharacterExtra
CreateDIBitmap
EnumFontsW
CreateHatchBrush
CopyEnhMetaFileW
SetEnhMetaFileBits
SetPolyFillMode
GetBrushOrgEx
ExtSelectClipRgn
GetOutlineTextMetricsW

winspool.drv

GetPrinterDriverDirectoryW
ord204
ConfigurePortW
ReadPrinter
GetPrinterDriverW
DeletePrintProvidorW
AddPrintProvidorW
AddJobW
EnumFormsW
FlushPrinter
SetPrinterW
AddPrinterW

advapi32

InitiateSystemShutdownExW
RegDeleteKeyW
DeregisterEventSource
QueryRecoveryAgentsOnEncryptedFile

shell32

SHQueryRecycleBinW
SHGetStockIconInfo

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_Destroy
CreateToolbarEx
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Remove

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee2ef42d332fc376f1d3e0ebdf8162bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 72KB - Virtual size: 75KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 179KB - Virtual size: 178KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 72KB - Virtual size: 75KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 179KB - Virtual size: 178KB