e08c2cb74bd4a1896f54752d2d391ce4b46d7b29b32cafaa6345afb6959adb51N

Sharing

Copy URL

Twitter E-mail

General

Target

e08c2cb74bd4a1896f54752d2d391ce4b46d7b29b32cafaa6345afb6959adb51N
Size

92KB
MD5

28b9083c7dcc6df1562df5b8e617f6f0
SHA1

01da8edbac1c0e46d6b44528289f7b47a83a6a51
SHA256

e08c2cb74bd4a1896f54752d2d391ce4b46d7b29b32cafaa6345afb6959adb51
SHA512

2190e995a704aaabe4947fd27dc5d3d37becef633cf71b36becd16aeeb1440f240a899e57b56f08239deaced3f31af59b536cd3ce6605720596448c5816511c9
SSDEEP

1536:/J+K/fyiAdJ2FdKhSxcBSMw5MXkV1kIIs5PfjerVPFmAU0eK+OwcukuONVQCth:wK/f/ATgsSxqwiUjIiXjerVPFmAU0eza

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e08c2cb74bd4a1896f54752d2d391ce4b46d7b29b32cafaa6345afb6959adb51N

Files

e08c2cb74bd4a1896f54752d2d391ce4b46d7b29b32cafaa6345afb6959adb51N
.exe windows:11 windows x86 arch:x86

be1b19a99817bfd36cee97f4b3d13942

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\Master\Slack\reffer.pdb

Imports

shlwapi

ChrCmpIW
StrCatBuffW
UrlIsOpaqueW
ord29
UrlGetPartA
StrCmpLogicalW

user32

DestroyAcceleratorTable
MapDialogRect

kernel32

GetProfileIntW
lstrcpyA

Exports

Exports

?ValidateDialogOriginalPAFPAEPAHMD
?IsRectOriginalPAKPAMPADN
?CopyDeviceExWJGPAMEI
?FreeTextOldMKEMN
?CancelMediaTypeOriginalHMPAE
?InstallTimerWJKJJ
?KillEventNewDEIJ
?PutComponentExAJ_NPADPAD
?InvalidateWindowAHGPAD
?CrtPathOldJMPAEJPAM
?FindPathWXPA_NMM
?KillCommandLineExAPAMMI
?InstallTextOriginalPAMPAEMFK
?ValidateDateExWEEHIPAE
?OnTaskGMPAIPAJ
?CrtTimerHPAEPAN
?InvalidateKeyboardOldXEM
?OnArgumentPAKH
?KillMutexExDPAIH
?CopyDateNewPAXPAJ
?CancelSystemOriginalPAHPADFGI
?KillEventWXPAIK
?IsDirectoryExAEPAHII
?AddModuleOldHJKPAJPAK
?CloseProjectExMIMF
?RemoveFullNameExAPAFHDK
?LoadDataOriginalHGHJPAI
?SemaphoreAPAXJ
?SetCharExAPAJI
?RemoveDateTimeAXPADF
?InvalidateTimerOriginalPAGFDPAD
?HideOptionAPAXPAHJPAN
?FormatTimeAPA_NMJEM
?FindPenExWGPAMGI
?FormatOptionPAXMIPAFK
?InstallArgumentWIFGPAJPAG
?SetDevicePAJI
?CloseWindowExID
?ValidateWindowExWKF
?AddComponentOriginalIPAI
?PutScreenOriginalKK
?ModifyPointJPAHFPAEE
?RemoveMediaTypeExXNPADPAHPA_N
?CloseEventOriginalJIIG
?FreeObjectExAPAGJEF
?FindPointerExAPAIPAF
?SendDateTimeOldPAMEJH
?RemoveExpressionExPAMKDPAMG
?FormatFullNameIPADPAHFPAI
?LoadPenExHMF
?CrtModuleExXE
?FormatDialogExWJJ
?FreePointerExDJJPAJ
?FreeWindowOldGPAKPADMH
?CrtScreenWKEPAE
?InsertDataWFEKE
?IsNotSectionKN
?RemoveOptionExWPAEGN
?ShowFilePathPANJF
?GlobalTextOldFPAEPAE
?IsMonitorNewPAXK
?DeleteClassExEKMFPAI
?CallTimerWXENFPAK
?LoadFullNameHPA_NKPAEG
?AddProjectOriginal_NPAE
?CallExpressionOriginalPAHJPADI
?ModifyHeaderWPAFMKPAMD
?CopyMonitorExAPAXGK
?IsNotValueExWNGPAJ
?OnMessageOriginalPAGNH
?CloseMemoryOriginalGF
?FreeListExAEDHIG
?IncrementStateOriginalPAEKPAIPAKPAE
?CloseAppNameExWPAXGPADHPAK
?RtlOptionAPAFPAHHJ
?LoadWindowInfoExWNPAED
?FormatHeightOldIPAFMG
?GlobalMonitorExADPA_N_NPAN
?InstallEventOldPA_NMMIPAJ
?CancelEventWGPADDEK
?RemovePointExAPA_NPAJ
?IncrementFilePathExWHJI
?ValidateMessageAX_N
?GlobalProjectWXPAE
?CancelArgumentExWPAHPAK
?CrtClassIF
?ValidateEventPAFFEDK
?FreePenW_NPAD
?CopyTimerOldNN
?RtlComponentExXPAEEPAH
?InsertNameGMI
?CrtDataWPAEIK
?IsValidWindowInfoExPAJKF
?ShowDeviceExAM_N
?TestingServ@@YGXUtest@CA7
?ProjectWDPAD
?LoadProjectOldNHJ
?SetProjectOriginalKKGPAG_N
?HidePenOriginalHGE
?AddProcessExAPAMDG
?HideDialogExPAMKPAG
?IncrementDateNewMIPAI
?ModifyPointWMPAD
?FreeAppNameAX_NDJPAE
?RemoveDateExWPAHPAHH
?DeleteScreenExWPAHGD
?FindMonitorExAFNKPAH
?InstallRectNewJPAK
?CrtSizeOriginalJPAMKFJ
?GetSemaphoreNewHPAEDHI
?IsEventAXPAM
?ModifyFullNameExWKEPAGPAF
?GetKeyboardAIKPAJPAJM
?AddHeightOriginalKK
?IsValidSemaphoreEx_NHIPANJ
?InstallListOldKJID
?PutWidthOriginalNDPAF
?FormatListNewED
?InsertTimerExWDPAIPAEM
?CallPointExPAFNKF
?GlobalAppNameWPAHEPAFPAI
?OnScreenExPAKPAGKID
?InstallFolderPathAPAXJ
?InvalidateMessageOldKPAJPAJDH
?GlobalPointerOriginalHPAGPAG
?CrtPenExAXPAGDHF
?IsSemaphoreAPAIPAGDK
?IsValidFileAPAMPAD
?InsertExpressionOldPADPANE
?InsertRectXPAKEJ
?ModifyFileExWPADEDPAJ
?CancelFunctionNewPADKPAM
?IsValidMutexExPAFFK
?PutConfigMPAE
?InsertKeyboardOldPAINF
?OnAppNameExAKPAD
?AddKeyboardWPAGNPAJ
?InstallTaskNewE_N_N_NPAE
?FindDirectoryExGPADHPAIPAD
?CloseProcessNewXPAH
?PutMemoryOriginalG_NMPAMK
?FreeDateTimeOldPADID
?DecrementListItemOriginalDD
?GlobalComponentExXPAMPAD
?CrtMutantExWPAHPAMPAFPAKM
?CallAppNameExPAXPAND
?CopyFunctionKF
?SemaphoreExAXPAKG
?RemoveWidthGE
?PutVersionExAJJPAHF
?IsNotFilePathExWPADPADJK

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jeep
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rase
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cold
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imode
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mode
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.heso
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.snap
Size: 512B - Virtual size: 471B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bost
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vort
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.defo
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be1b19a99817bfd36cee97f4b3d13942

Headers

File Characteristics

PDB Paths

Imports

shlwapi

user32

kernel32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 3KB - Virtual size: 31KB

.jeep Size: 5KB - Virtual size: 4KB

.rase Size: 512B - Virtual size: 128B

.cold Size: 512B - Virtual size: 51B

.imode Size: 512B - Virtual size: 316B

.mode Size: 512B - Virtual size: 64B

.heso Size: 512B - Virtual size: 64B

.snap Size: 512B - Virtual size: 471B

.bost Size: 9KB - Virtual size: 9KB

.vort Size: 9KB - Virtual size: 9KB

.defo Size: 14KB - Virtual size: 14KB

.reloc Size: 11KB - Virtual size: 11KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 3KB - Virtual size: 31KB

.jeep
Size: 5KB - Virtual size: 4KB

.rase
Size: 512B - Virtual size: 128B

.cold
Size: 512B - Virtual size: 51B

.imode
Size: 512B - Virtual size: 316B

.mode
Size: 512B - Virtual size: 64B

.heso
Size: 512B - Virtual size: 64B

.snap
Size: 512B - Virtual size: 471B

.bost
Size: 9KB - Virtual size: 9KB

.vort
Size: 9KB - Virtual size: 9KB

.defo
Size: 14KB - Virtual size: 14KB

.reloc
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 7KB - Virtual size: 6KB