8ec9f0807433b5a88c5640d10f20877763ef87045f1956e381df4ae48c9b174e

Sharing

Copy URL

Twitter E-mail

General

Target

8ec9f0807433b5a88c5640d10f20877763ef87045f1956e381df4ae48c9b174e
Size

180KB
MD5

c23678c96e31607b4bdd59c215cfd803
SHA1

209bc1ad5cd890bb18f0ba1f9b3f4213e75fbffe
SHA256

8ec9f0807433b5a88c5640d10f20877763ef87045f1956e381df4ae48c9b174e
SHA512

0c66640adbe3275c73a584b0867bf7b3ebbc9dcf52a8a9a5a6ea62c58913186ebb45d05f08f7a52f0ee86a5504752cb454c8a46faa119d3250b29d378cb3560b
SSDEEP

3072:6MXKDfAxQy/khwyXHHWagWAuODRuBNgc6jp9mdOvWrxpzbgqru:lXKkxQPhjHHMWA9DsYjp9mdOvuzbgwu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ec9f0807433b5a88c5640d10f20877763ef87045f1956e381df4ae48c9b174e

Files

8ec9f0807433b5a88c5640d10f20877763ef87045f1956e381df4ae48c9b174e
.exe windows:5 windows x86 arch:x86

a7f0007c8ce9f2d8fa1deb194b6a334d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\takuhemed\hufa81\domocimo60\lebi\jaj_doba.pdb

Imports

kernel32

HeapAlloc
LoadLibraryExW
EndUpdateResourceW
HeapFree
GetEnvironmentStringsW
SetConsoleScreenBufferSize
SetEvent
OpenSemaphoreA
GetTickCount
SetCommTimeouts
CreateActCtxW
Sleep
GetVersionExW
GetAtomNameW
GetMailslotInfo
GetModuleFileNameW
GetCPInfoExW
GetProcAddress
VirtualAlloc
LoadLibraryA
WriteConsoleA
LocalAlloc
BeginUpdateResourceA
SetEnvironmentVariableA
SetConsoleTitleW
EraseTape
GetProcessAffinityMask
Module32Next
DeleteAtom
FindActCtxSectionStringW
FindNextVolumeA
LCMapStringW
lstrcpyA
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetLastError
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
WideCharToMultiByte
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReadFile
RtlUnwind
SetFilePointer
CloseHandle
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
CreateFileA
SetStdHandle
FlushFileBuffers
HeapSize
LoadLibraryW
WriteConsoleW
GetStringTypeW
HeapReAlloc
SetEndOfFile
GetProcessHeap
CreateFileW

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fenuziv
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7f0007c8ce9f2d8fa1deb194b6a334d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 6KB - Virtual size: 36KB

.fenuziv Size: 1024B - Virtual size: 626B

.rsrc Size: 51KB - Virtual size: 51KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 6KB - Virtual size: 36KB

.fenuziv
Size: 1024B - Virtual size: 626B

.rsrc
Size: 51KB - Virtual size: 51KB