e6d90fe0502b181ce4bc9454592569dd809bb61119b7dd718f18018db3444376

Sharing

Copy URL

Twitter E-mail

General

Target

e6d90fe0502b181ce4bc9454592569dd809bb61119b7dd718f18018db3444376
Size

214KB
MD5

05e554119acb1947833d288d2984c5be
SHA1

f4330f12a27a309f9546afc3ce823b492d50ba11
SHA256

e6d90fe0502b181ce4bc9454592569dd809bb61119b7dd718f18018db3444376
SHA512

2003dd9ee9bde51478bc8a53d6c0fb7cf62db058d22e6ec2bbeec6ec11066a6596bee0c5e95925a528d7fd78cdc929c8feabc5da3b925520f5d34222e6bfdba2
SSDEEP

3072:CrybLZMemmOgdmCBj6SJfD8ayFz5aUMFW91:N65mTYejHaaU1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6d90fe0502b181ce4bc9454592569dd809bb61119b7dd718f18018db3444376

Files

e6d90fe0502b181ce4bc9454592569dd809bb61119b7dd718f18018db3444376
.exe windows:5 windows x86 arch:x86

b471f66f529ea60c2175c0f1ceeacebb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DebugActiveProcess
SetProcessAffinityMask
SetVolumeLabelA
SetDefaultCommConfigA
GetNumaProcessorNode
GetConsoleAliasExesLengthA
CallNamedPipeA
InterlockedIncrement
MoveFileExW
GetConsoleAliasA
GlobalSize
GetEnvironmentStringsW
GlobalLock
GetModuleHandleW
GetTickCount
FormatMessageA
GetConsoleMode
GetLocaleInfoW
GetSystemWow64DirectoryW
GetStringTypeExW
HeapDestroy
GetFileAttributesA
GetTimeFormatW
SetConsoleCursorPosition
GetModuleFileNameW
GetACP
GetStartupInfoW
GetStdHandle
GetLogicalDriveStringsA
ReadConsoleOutputCharacterA
GetProcAddress
MoveFileW
VirtualAllocEx
BuildCommDCBW
LoadLibraryA
InterlockedExchangeAdd
OpenWaitableTimerW
LocalAlloc
SetCommMask
FindAtomA
SetNamedPipeHandleState
OpenFileMappingW
FreeEnvironmentStringsW
PurgeComm
GetVersionExA
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
GetConsoleOutputCP
MultiByteToWideChar
HeapAlloc
GetLastError
HeapReAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapCreate
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetFilePointer
GetConsoleCP
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetModuleHandleA

ole32

CoTaskMemAlloc

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 39.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b471f66f529ea60c2175c0f1ceeacebb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 19KB - Virtual size: 39.0MB

.rsrc Size: 63KB - Virtual size: 63KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 19KB - Virtual size: 39.0MB

.rsrc
Size: 63KB - Virtual size: 63KB