1023fd71dd03144d53a2f27ed8042a11e846a6cfeded2cd418290b91631ed7f2

Sharing

Copy URL

Twitter E-mail

General

Target

1023fd71dd03144d53a2f27ed8042a11e846a6cfeded2cd418290b91631ed7f2
Size

221KB
MD5

20c9dd06975042983be9eefa9bcb0e9f
SHA1

415e4240596d0093bdc9cdfcdefaf2ab3afa494d
SHA256

1023fd71dd03144d53a2f27ed8042a11e846a6cfeded2cd418290b91631ed7f2
SHA512

7d16b759fb203ea29a02f82f8016925cdc08c9888a5ab54cec648a5dff3fa8f82e9cbf0b3f61c29592353ca738b27657166a317abfbd32d35323d20d6866fabd
SSDEEP

3072:5FsvbkUZrLnLT1jLf6XbevvUNtZXRPqUIHr2IVddboOnEu89Tu+hG:SnrTLTJGrOvUNnl3IHr2I7Jqu895E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/42f569feb9d6fc7561953999288ab6241dd8825c1a9ba2e7f268d5f47c612da8.exe

Files

1023fd71dd03144d53a2f27ed8042a11e846a6cfeded2cd418290b91631ed7f2
.zip

Password: infected
42f569feb9d6fc7561953999288ab6241dd8825c1a9ba2e7f268d5f47c612da8.exe
.exe windows:5 windows x86 arch:x86

6ce2e56297aa247080650722507bc95b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
GetConsoleAliasesLengthW
MoveFileExA
BuildCommDCBAndTimeoutsA
DeleteVolumeMountPointA
InterlockedIncrement
GetConsoleAliasA
SetDefaultCommConfigW
GetProfileStringW
SetComputerNameW
GetComputerNameW
FlushConsoleInputBuffer
OpenSemaphoreA
BackupSeek
FreeEnvironmentStringsA
_lclose
_lcreat
GetModuleHandleW
CreateNamedPipeW
GetWindowsDirectoryA
EnumTimeFormatsW
GetUserDefaultLangID
GetDriveTypeA
OpenProcess
GlobalAlloc
GetPrivateProfileIntA
SetFileShortNameW
LoadLibraryW
GetPrivateProfileStructW
GetConsoleAliasExesLengthW
TransactNamedPipe
GetTimeFormatW
TerminateProcess
GetOverlappedResult
GetShortPathNameA
GetNamedPipeHandleStateW
GetStartupInfoA
GetLastError
SetLastError
GetProcAddress
HeapSize
_hwrite
OpenWaitableTimerA
MoveFileA
SetConsoleCtrlHandler
FindNextFileA
GetModuleHandleA
UpdateResourceW
FreeEnvironmentStringsW
CreateMailslotA
GetStringTypeW
GetCurrentDirectoryA
FatalAppExitA
GetShortPathNameW
FindFirstVolumeA
ReadConsoleInputW
DeleteFileW
CloseHandle
ReadFile
WriteConsoleW
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
HeapAlloc
HeapReAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapFree
RtlUnwind
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
ExitProcess
WriteFile
GetModuleFileNameW
HeapCreate
SetFilePointer
RaiseException
GetModuleFileNameA
WideCharToMultiByte
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
LCMapStringW
CreateFileW

user32

CharUpperA
CharUpperBuffW

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 32.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

6ce2e56297aa247080650722507bc95b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 162KB - Virtual size: 161KB

.data Size: 166KB - Virtual size: 32.3MB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 162KB - Virtual size: 161KB

.data
Size: 166KB - Virtual size: 32.3MB

.rsrc
Size: 18KB - Virtual size: 18KB