623587ed0d43d6dd6fd9dd93d632722df1f8b217

Sharing

Copy URL

Twitter E-mail

General

Target

623587ed0d43d6dd6fd9dd93d632722df1f8b217
Size

261KB
MD5

71f991391d6e71dbc7aa00ea8460a29d
SHA1

623587ed0d43d6dd6fd9dd93d632722df1f8b217
SHA256

9f2f9e8b9a0f30c47e9f33be828338020ad47af9a8b2b943cf7594a0e63dbcea
SHA512

54a556822ab6be93bb70bca8656ea74c8e378e88a2e1eca8c2ede52f1e03744bb405a1d3dbe0ce0f0599f4909c1c5d82a1c4f3a09917e9acd677121a93d92396
SSDEEP

6144:izvCUwbvILuzv6Lsb1Vizb68aVGDUaZ7H08MnLYy:iWdvIqz6Lsb1MujGwm7U8MnLY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
623587ed0d43d6dd6fd9dd93d632722df1f8b217

Files

623587ed0d43d6dd6fd9dd93d632722df1f8b217
.exe windows:5 windows x86 arch:x86

3b1460c086d18e8083905953059d9e3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gukametujuxu48-liyecizihap-vepe.pdb

Imports

kernel32

GetNamedPipeHandleStateW
CreateIoCompletionPort
FillConsoleOutputCharacterW
SetThreadAffinityMask
GetExitCodeProcess
GetCurrentProcessId
GetVersionExA
EnumDateFormatsExW
FindNextFileW
CopyFileExW
BuildCommDCBAndTimeoutsA
DebugSetProcessKillOnExit
WriteProfileStringW
WritePrivateProfileStructA
FindFirstChangeNotificationA
MapViewOfFileEx
CreateTimerQueue
FindNextVolumeMountPointA
SetVolumeMountPointA
GetWriteWatch
ReadConsoleInputA
SetComputerNameExW
GetTimeZoneInformation
GetSystemDirectoryA
GetDriveTypeW
LoadLibraryA
GlobalAlloc
VerifyVersionInfoW
GetBinaryTypeA
ReleaseActCtx
InterlockedExchangeAdd
FormatMessageW
SetDllDirectoryA
WritePrivateProfileStringA
GetConsoleAliasesLengthW
GetProcessHeaps
OpenWaitableTimerW
UnlockFile
InterlockedIncrement
GetStartupInfoW
GetSystemWow64DirectoryW
SetLastError
GetConsoleAliasExesW
WaitForDebugEvent
EndUpdateResourceW
GetLastError
GetSystemTime
SetDefaultCommConfigW
VirtualFree
GlobalUnfix
GetSystemWindowsDirectoryW
CopyFileA
TerminateThread
GetACP
FindAtomA
HeapUnlock
GetMailslotInfo
EnterCriticalSection
GetConsoleAliasW
_lwrite
GetOverlappedResult
CreateNamedPipeA
InterlockedDecrement
SetSystemTimeAdjustment
DefineDosDeviceW
GetAtomNameW
SetConsoleScreenBufferSize
EnumResourceTypesA
lstrlenW
LoadLibraryW
WriteConsoleA
VirtualProtect
GetModuleHandleW
ReadConsoleOutputA
GetThreadContext
BuildCommDCBW
AddRefActCtx
GetStringTypeW
WritePrivateProfileStringW
GetFileAttributesW
GetVolumePathNameA
MoveFileA
GetCommMask
CloseHandle
EndUpdateResourceA
GetNamedPipeInfo
AttachConsole
GlobalGetAtomNameW
SetComputerNameA
GetConsoleAliasesA
WriteConsoleInputW
CreateMailslotW
TzSpecificLocalTimeToSystemTime
SetLocalTime
GetStringTypeA
EnumSystemLocalesW
CallNamedPipeA
GetConsoleAliasExesLengthW
CopyFileExA
GetPrivateProfileIntA
GetModuleHandleExW
FindActCtxSectionStringA
GetTickCount
OpenWaitableTimerA
GlobalWire
FillConsoleOutputCharacterA
GetCompressedFileSizeW
SetThreadPriority
FreeUserPhysicalPages
WriteConsoleOutputCharacterW
EnumDateFormatsA
TerminateJobObject
CreateFileW
GetDateFormatA
CreateActCtxA
FindNextVolumeA
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
WideCharToMultiByte
HeapValidate
IsBadReadPtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
GetOEMCP
GetCPInfo
IsValidCodePage
SetStdHandle
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetStartupInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapDestroy
HeapCreate
HeapFree
GetModuleFileNameA
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
FlushFileBuffers
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetConsoleOutputCP
SetFilePointer
CreateFileA

advapi32

ImpersonateSelf

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b1460c086d18e8083905953059d9e3d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 157KB - Virtual size: 156KB

.data Size: 67KB - Virtual size: 318KB

.rsrc Size: 36KB - Virtual size: 35KB

.text
Size: 157KB - Virtual size: 156KB

.data
Size: 67KB - Virtual size: 318KB

.rsrc
Size: 36KB - Virtual size: 35KB