3da207e9b649dce2596dcb3bf7c1572e1eeb205179b3a12f61e67932063359da

Sharing

Copy URL

Twitter E-mail

General

Target

3da207e9b649dce2596dcb3bf7c1572e1eeb205179b3a12f61e67932063359da
Size

120KB
MD5

8408e26da1eea274bc89ac9bae697653
SHA1

61ee9c27333bbceb5336e1a2c1bfeaacad01c740
SHA256

3da207e9b649dce2596dcb3bf7c1572e1eeb205179b3a12f61e67932063359da
SHA512

12ce16aca4d4b595c8c8c93bf8538732fff655087617d536ce92f5f27c4cdc918f6ca16dc3771b6a808e227a3feef940bf9202da8a0cbd220553fea95e27c242
SSDEEP

3072:Z9JgZ46AuFQP+IXzzcJvDRIN+oqwyu/5thnzSMxNeo:LufzWsJvDRINtqwyu/ZnHp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/521e6ab3da29cda2fc6399ac88289ed9762577ff4e9742a56ec89bf4521be6c1

Files

3da207e9b649dce2596dcb3bf7c1572e1eeb205179b3a12f61e67932063359da
.zip

Password: infected
521e6ab3da29cda2fc6399ac88289ed9762577ff4e9742a56ec89bf4521be6c1
.exe windows:5 windows x86 arch:x86

58cd8752d44bf0fb2f916edbc9f4624f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DosDateTimeToFileTime
CreateMutexW
SetFilePointer
WritePrivateProfileStructA
CopyFileExW
_llseek
SetUnhandledExceptionFilter
CreateJobObjectW
OpenSemaphoreA
SetTapeParameters
LocalFlags
FindNextVolumeMountPointA
WriteFile
SetProcessPriorityBoost
GetPriorityClass
ActivateActCtx
AddRefActCtx
LoadLibraryW
CopyFileW
GetPrivateProfileStructW
SetSystemTimeAdjustment
GetConsoleWindow
GetVersionExW
GetBinaryTypeA
TerminateProcess
IsDBCSLeadByte
lstrlenW
SetThreadPriority
GetNamedPipeHandleStateW
InterlockedExchange
SetCurrentDirectoryA
GetCurrentDirectoryW
SetLastError
GetProcAddress
GetConsoleDisplayMode
SetComputerNameA
EnterCriticalSection
LoadLibraryA
OpenThread
WriteConsoleA
LocalAlloc
BuildCommDCBAndTimeoutsW
SetConsoleDisplayMode
AddAtomW
BeginUpdateResourceA
PostQueuedCompletionStatus
GetTapeParameters
SetNamedPipeHandleState
WaitForMultipleObjects
SetEnvironmentVariableA
GetOEMCP
EnumDateFormatsA
FreeEnvironmentStringsW
EnumResourceNamesA
PurgeComm
_lopen
AreFileApisANSI
lstrcpyA
CloseHandle
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GetLastError
MoveFileA
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
ExitProcess
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetACP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetModuleHandleA
GetLocaleInfoW
SetStdHandle
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA

winhttp

WinHttpConnect

Exports

Exports

_enough@4
_hellgate@4
_hiduk@8
_husaberg@4
_ssangyong@8
_yongfeng@4

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 39.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tufa
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rekozub
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rupe
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

58cd8752d44bf0fb2f916edbc9f4624f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winhttp

Exports

Exports

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 39.4MB

.tufa Size: 1024B - Virtual size: 4KB

.rekozub Size: 1024B - Virtual size: 741B

.rupe Size: 512B - Virtual size: 74B

.rsrc Size: 21KB - Virtual size: 20KB

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 39.4MB

.tufa
Size: 1024B - Virtual size: 4KB

.rekozub
Size: 1024B - Virtual size: 741B

.rupe
Size: 512B - Virtual size: 74B

.rsrc
Size: 21KB - Virtual size: 20KB