ed81b612f675d6769568be99b4f69e28843956a325a66699c5a2b590f87a1410N

Sharing

Copy URL

Twitter E-mail

General

Target

ed81b612f675d6769568be99b4f69e28843956a325a66699c5a2b590f87a1410N
Size

9.1MB
MD5

30843986f32b299cf18a78177db6ec40
SHA1

acd31a212ee3b68cbadd89fc9d7860bd5bb2a751
SHA256

ed81b612f675d6769568be99b4f69e28843956a325a66699c5a2b590f87a1410
SHA512

dcc5d43ca4ca19cecd48bc19b2e7f4e98c91544fa1801833a5a5fa465b50b5cb7d3aa2e1e035874c2669ded0b23e599beec2508693d0de11fa80179b502a1e22
SSDEEP

196608:gZGusfpGjLkT0y1C11ip2wqQXm+ckwgHmdY594L8a:RewO5wqkmNdzA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed81b612f675d6769568be99b4f69e28843956a325a66699c5a2b590f87a1410N

Files

ed81b612f675d6769568be99b4f69e28843956a325a66699c5a2b590f87a1410N
.exe windows:10 windows x64 arch:x64

f24f80895f262d02c3ef9a90c4c21528

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

notepad.pdb

Imports

kernel32

GetProcAddress
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

gdi32

CreateDCW

user32

PostMessageW

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_c_exit

api-ms-win-crt-private-l1-1-0

_o__callnewh

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsFileSpecW

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString

api-ms-win-core-synch-l1-1-0

SetEvent

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-l1-1-0

RoInitialize

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-eventing-provider-l1-1-0

EventProviderEnabled

api-ms-win-core-synch-l1-2-0

Sleep

comctl32

CreateStatusWindowW

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.:%a
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.PY>
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

..N#
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f24f80895f262d02c3ef9a90c4c21528

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

user32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-shcore-path-l1-1-0

api-ms-win-shcore-scaling-l1-1-1

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-2-0

comctl32

Sections

.text Size: 146KB - Virtual size: 145KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 3KB - Virtual size: 9KB

.pdata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 376B

.:%a Size: 4.4MB - Virtual size: 4.4MB

.PY> Size: 3KB - Virtual size: 3KB

..N# Size: 4.5MB - Virtual size: 4.5MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 146KB - Virtual size: 145KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 376B

.:%a
Size: 4.4MB - Virtual size: 4.4MB

.PY>
Size: 3KB - Virtual size: 3KB

..N#
Size: 4.5MB - Virtual size: 4.5MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB