e9f9520730b84d5cc98515f1703365ef4ac0f92d10daa0b2cd8d443445571538

Sharing

Copy URL Twitter E-mail

General

Target

e9f9520730b84d5cc98515f1703365ef4ac0f92d10daa0b2cd8d443445571538
Size

1.2MB
MD5

4c3fdeac5c4b8418ea81e04652285ff5
SHA1

7666a7e58b0a2b6c6225be3c766e0ce61ebddeb2
SHA256

e9f9520730b84d5cc98515f1703365ef4ac0f92d10daa0b2cd8d443445571538
SHA512

57a0acb20f2e10d73ccef169d038c3d4a0b18223916ae7b52dd237c8d078fd7184fa5838338523703f04b5dcae03360e8f0408072f4345d28336b6c54c9d0616
SSDEEP

12288:NWPDwLDAptNyvUgXZ32dT4ePc7N29Cxs5+j2QNbxf53nHVoTOyEx:NAPNyBo4kx929bL3Hnx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9f9520730b84d5cc98515f1703365ef4ac0f92d10daa0b2cd8d443445571538

Files

e9f9520730b84d5cc98515f1703365ef4ac0f92d10daa0b2cd8d443445571538
.exe windows:6 windows x64 arch:x64

d97db58fc8305414c9a78d599088b6e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libwebpdemux

WebPDemuxGetI
WebPDemuxReleaseChunkIterator
WebPDemuxDelete
WebPDemuxInternal
WebPDemuxGetChunk

libwebp

WebPPictureHasTransparency
WebPConfigInitInternal
WebPConfigLosslessPreset
WebPValidateConfig
WebPMemoryWriterInit
WebPFree
WebPMemoryWriterClear
WebPMalloc
WebPPictureImportBGRA
WebPMemoryWrite
WebPPictureInitInternal
WebPPictureAlloc
WebPPictureFree
WebPPictureCopy
WebPPictureDistortion
WebPPictureView
WebPPictureRescale
WebPPictureYUVAToARGB
WebPGetEncoderVersion
WebPBlendAlpha
WebPEncode
WebPPictureImportRGB
WebPPictureImportRGBA
WebPFreeDecBuffer
WebPPictureImportBGR
WebPDecode
WebPGetFeaturesInternal
WebPInitDecoderConfigInternal

ole32

CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

shlwapi

SHCreateStreamOnFileA

kernel32

IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalAlloc
GlobalUnlock
GlobalLock
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleW

vcruntime140

__C_specific_handler
memset
memcpy
strchr

api-ms-win-crt-stdio-l1-1-0

feof
__p__commode
_set_fmode
_fileno
_setmode
ftell
__acrt_iob_func
fclose
fopen
fputc
fwrite
__stdio_common_vfprintf
fread
fseek
ferror

api-ms-win-crt-string-l1-1-0

strncmp
strcmp

api-ms-win-crt-heap-l1-1-0

calloc
free
_set_new_mode
malloc
realloc

api-ms-win-crt-convert-l1-1-0

strtoul
strtod

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_initialize_narrow_environment
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_get_initial_narrow_environment
_exit
exit
_initterm_e
_initterm
_seh_filter_exe

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d97db58fc8305414c9a78d599088b6e4

Headers

DLL Characteristics

File Characteristics

Imports

libwebpdemux

libwebp

ole32

shlwapi

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1.2MB - Virtual size: 1.2MB