fd6f2122563b4c87e8998cd167bdd4da7b32e58158ff5178b399bfe77885b997

Sharing

Copy URL

Twitter E-mail

General

Target

fd6f2122563b4c87e8998cd167bdd4da7b32e58158ff5178b399bfe77885b997
Size

165KB
MD5

2ba020c89f9104e77bc22393d8982407
SHA1

18e2a1d17628bbe93dfe6480bc2eefd69d62b422
SHA256

fd6f2122563b4c87e8998cd167bdd4da7b32e58158ff5178b399bfe77885b997
SHA512

1a38197edf095eaf4d0181420ef8d07a0cfd33b56d7001c8b5a162806a3b822a40d9fab159e5af3c6a57730a56be9e5b083ba7cf4be5b9181cd059e575daa8c5
SSDEEP

3072:BXCWvUNDbS/1+9FR4x4oWjL0HKGhlaEjhF2wTt7cX1genye8n:mns1+9FR4MQH2yY1Zy/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/387cf390c3c472cd5eefe6ce3fb01b188f67533f5540e421e0f02fb845fc526e

Files

fd6f2122563b4c87e8998cd167bdd4da7b32e58158ff5178b399bfe77885b997
.zip

Password: infected
387cf390c3c472cd5eefe6ce3fb01b188f67533f5540e421e0f02fb845fc526e
.exe windows:5 windows x86 arch:x86

0ca9b05a489def699a29df5061ef8fa2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gigi\xadaxokixokiz-ximukeyo.pdb

Imports

kernel32

WriteProfileSectionA
GetNumaHighestNodeNumber
FindFirstVolumeA
FlushConsoleInputBuffer
HeapWalk
FindFirstChangeNotificationA
PulseEvent
GetNamedPipeHandleStateW
CompareFileTime
EnumResourceTypesA
EnumResourceNamesA
FillConsoleOutputCharacterW
GetTimeZoneInformation
TerminateThread
SignalObjectAndWait
GetVersionExW
VerifyVersionInfoA
SetEvent
FindNextFileA
CopyFileExW
BuildCommDCBAndTimeoutsA
GetConsoleOutputCP
GetCompressedFileSizeA
ReadConsoleOutputCharacterA
SetDefaultCommConfigW
VerLanguageNameA
_hread
GetCommConfig
WritePrivateProfileStructA
FreeEnvironmentStringsA
CreateTimerQueue
FindNextVolumeMountPointA
ResetWriteWatch
WriteConsoleInputA
SetComputerNameExW
FindAtomA
LoadResource
GetThreadPriority
CallNamedPipeW
BuildCommDCBAndTimeoutsW
VirtualProtect
GetModuleHandleA
LocalAlloc
GlobalUnfix
GetProfileSectionW
GetCommandLineA
InterlockedExchange
FindFirstChangeNotificationW
GetCalendarInfoA
ReleaseActCtx
OutputDebugStringW
FormatMessageA
SetDllDirectoryW
SetPriorityClass
WritePrivateProfileStringA
GetUserDefaultLangID
GlobalFix
GetVersionExA
HeapValidate
InterlockedCompareExchange
CopyFileA
GetLastError
SetCalendarInfoW
DebugBreak
SetConsoleTextAttribute
SetLastError
GetSystemWow64DirectoryW
GetStartupInfoW
DisconnectNamedPipe
GetComputerNameExW
GetPrivateProfileSectionNamesA
ContinueDebugEvent
InterlockedExchangeAdd
GetSystemWindowsDirectoryW
CopyFileW
GetOEMCP
GetPrivateProfileStringA
CreateActCtxA
GetConsoleAliasW
lstrlenA
ReadConsoleA
WriteConsoleA
GetPrivateProfileSectionNamesW
GlobalWire
FormatMessageW
GetSystemTimeAsFileTime
EnumCalendarInfoA
SetThreadIdealProcessor
EnumDateFormatsExW
VerSetConditionMask
CreateConsoleScreenBuffer
GetSystemWindowsDirectoryA
GetProfileStringW
CreateIoCompletionPort
AllocConsole
GlobalGetAtomNameW
GetNumaNodeProcessorMask
GetConsoleAliasExesLengthW
WriteConsoleInputW
CreateMailslotW
EnumDateFormatsA
GetCommState
SetThreadContext
GetSystemTimeAdjustment
_lwrite
_lopen
EnumSystemLocalesW
GetConsoleAliasExesLengthA
MoveFileA
GetWriteWatch
OpenSemaphoreW
GetPrivateProfileStringW
DeleteAtom
LoadLibraryW
WriteConsoleOutputCharacterA
TlsFree
GetProfileSectionA
CreateActCtxW
CreateJobSet
CancelDeviceWakeupRequest
AreFileApisANSI
OpenWaitableTimerA
OpenFileMappingA
SetProcessAffinityMask
GetConsoleAliasesLengthW
SetProcessShutdownParameters
PeekNamedPipe
FillConsoleOutputCharacterA
FindNextVolumeMountPointW
SetThreadPriority
InitAtomTable
AddAtomA
WriteConsoleOutputCharacterW
GetNumberFormatW
GetConsoleAliasExesA
GetBinaryTypeA
EnterCriticalSection
InitializeCriticalSection
GetCPInfoExW
LoadLibraryA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteFileA
RaiseException
GetStartupInfoA
IsBadReadPtr
DeleteCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetProcAddress
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleFileNameA
WriteFile
GetStdHandle
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetCPInfo
IsValidCodePage
RtlUnwind
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
WriteConsoleW
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
SetStdHandle
CloseHandle
CreateFileA

gdi32

GetBitmapBits

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 42.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

0ca9b05a489def699a29df5061ef8fa2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

Sections

.text Size: 182KB - Virtual size: 181KB

.data Size: 71KB - Virtual size: 42.3MB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 85KB - Virtual size: 84KB

.text
Size: 182KB - Virtual size: 181KB

.data
Size: 71KB - Virtual size: 42.3MB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 85KB - Virtual size: 84KB