67825ff4d1324587b2da2ee15ef234d04614db834eafe76225fbeba1266898ef

Sharing

Copy URL

Twitter E-mail

General

Target

67825ff4d1324587b2da2ee15ef234d04614db834eafe76225fbeba1266898ef
Size

182KB
MD5

1a0dd17e7931a344d630e2b74017750f
SHA1

cda69db7acd6b18a531a7951795dce98e7d61e27
SHA256

67825ff4d1324587b2da2ee15ef234d04614db834eafe76225fbeba1266898ef
SHA512

b741511f8470dacae52274f5b14ec80ecb87bc0d8b711212f0accd7bb6c2dd95ed59bc31f351ff7873d780d5fb250ff4d297a9e972d9adef0ebbdf40e41354a3
SSDEEP

3072:EYuLsetrKNf6zrM5Lw4hKpMFsEIV4JWrxpzbgqruXhs7sxkgaBChU+k2:EYuLs0sf6z+wiKQuzbgwu6Qigak

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
67825ff4d1324587b2da2ee15ef234d04614db834eafe76225fbeba1266898ef

Files

67825ff4d1324587b2da2ee15ef234d04614db834eafe76225fbeba1266898ef
.exe windows:5 windows x86 arch:x86

d541639438edf94a0fdd982ab363141c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\xahohef60\dotawafopogi\wiyupetutobore\78\citodiva.pdb

Imports

kernel32

PulseEvent
HeapCompact
WriteConsoleInputW
GetLocaleInfoA
LoadResource
GetConsoleAliasA
CompareFileTime
WaitForSingleObject
EnumCalendarInfoExW
GetConsoleAliasesA
ConvertFiberToThread
GetProcessHandleCount
MapUserPhysicalPagesScatter
GetWriteWatch
GetConsoleFontSize
GetHandleInformation
GetProcAddress
VirtualAlloc
DisableThreadLibraryCalls
LoadLibraryA
LocalAlloc
CreateHardLinkW
WaitForMultipleObjects
EndUpdateResourceA
GetVersionExA
MultiByteToWideChar
GetStartupInfoW
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zaj
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.juj
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d541639438edf94a0fdd982ab363141c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 3.9MB

.zaj Size: 1024B - Virtual size: 626B

.juj Size: 1024B - Virtual size: 624B

.rsrc Size: 95KB - Virtual size: 94KB

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 3.9MB

.zaj
Size: 1024B - Virtual size: 626B

.juj
Size: 1024B - Virtual size: 624B

.rsrc
Size: 95KB - Virtual size: 94KB