d165f663ee8d31884a830c1e3146a53a8e9506f7b58e519d8c07faeebbdb88d8

Sharing

Copy URL

Twitter E-mail

General

Target

d165f663ee8d31884a830c1e3146a53a8e9506f7b58e519d8c07faeebbdb88d8
Size

137KB
MD5

1d1f0c8ef27c19cde0e45d00755c6495
SHA1

c9fcfbadcf5b9a6d99773b73a9706c9820284244
SHA256

d165f663ee8d31884a830c1e3146a53a8e9506f7b58e519d8c07faeebbdb88d8
SHA512

6db105db0f0ecf03218992ab1157f33623b169e48236f6513b3aec4f7a179629c5edabb90c9049df370fcc56c6522499c0b1e68ae681c4dad8f9c8c1c37a208c
SSDEEP

3072:xL7CUF3lUeqFN96E+j40zFdS0MSku/WPIqPQ4VaDSR8I+XQGmcRwQ36Wukya:xXC0lREd0zfS0Cu/UoDSR9h83us

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/18b17b46296ef972416a56e2155784e72846331523c812036f12d24d3a046bed.exe

Files

d165f663ee8d31884a830c1e3146a53a8e9506f7b58e519d8c07faeebbdb88d8
.zip

Password: infected
18b17b46296ef972416a56e2155784e72846331523c812036f12d24d3a046bed.exe
.exe windows:5 windows x86 arch:x86

3f93d4b66fe1e5d50a0e9327e285a2a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\kakivape\yirifuducena\jemab.pdb

Imports

kernel32

GetConsoleAliasA
GetModuleHandleA
CreateDirectoryExW
ReadConsoleInputA
GetTempPathW
GetSystemDirectoryW
RemoveDirectoryA
OutputDebugStringA
GetProcAddress
LocalAlloc
ExitThread
GetCurrentProcess
RtlCaptureContext
InterlockedCompareExchange
GetFileTime
lstrcatA
GetBinaryTypeA
SearchPathW
AddConsoleAliasW
SetProcessPriorityBoost
EndUpdateResourceA
FindNextFileA
FindFirstVolumeA
LocalShrink
GlobalFlags
_llseek
UpdateResourceA
CreateActCtxW
CopyFileW
FindFirstFileW
FreeEnvironmentStringsW
SetErrorMode
InterlockedIncrement
MoveFileWithProgressA
GetTickCount
SetLastError
GetPrivateProfileStructA
VerifyVersionInfoW
LoadLibraryA
GetLastError
HeapReAlloc
HeapAlloc
DeleteFileA
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
InitializeCriticalSectionAndSpinCount
RtlUnwind
WideCharToMultiByte
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

gdi32

SetBrushOrgEx

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

3f93d4b66fe1e5d50a0e9327e285a2a8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

Sections

.text Size: 82KB - Virtual size: 81KB

.data Size: 70KB - Virtual size: 179KB

.rsrc Size: 57KB - Virtual size: 57KB

.text
Size: 82KB - Virtual size: 81KB

.data
Size: 70KB - Virtual size: 179KB

.rsrc
Size: 57KB - Virtual size: 57KB