d5d304f7cc5265ded7d8ca91863dd32ac2f58ba2

Sharing

Copy URL

Twitter E-mail

General

Target

d5d304f7cc5265ded7d8ca91863dd32ac2f58ba2
Size

362KB
MD5

b51e8d9551b5ad2a7399146b23470db6
SHA1

d5d304f7cc5265ded7d8ca91863dd32ac2f58ba2
SHA256

bd58abfe0c844ca630156a8d6fc13931776e1352be365d7840c1358f40800a01
SHA512

18cb3bdfd043dcbbf707046f4deeb40128252c1d12bc8c31154d869cac8c964a6c46b4cfa4bf9060edf0642fca589703822cbd2b7f0716407c70fcc9960cf3a8
SSDEEP

6144:eTMH0FM6Mb008Jsp9z1Mw+/48QKTUZrZPTHsACne/kzwLZ:B0FM6MY08Jsp9zWO8QKurZP38k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5d304f7cc5265ded7d8ca91863dd32ac2f58ba2

Files

d5d304f7cc5265ded7d8ca91863dd32ac2f58ba2
.exe windows:5 windows x86 arch:x86

44e37c3e57142a1bf9ece9dbaaa4cd9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\sagemab\duticaj-zud-himarisas\tulofuvalunux51_zata.pdb

Imports

kernel32

InitializeSListHead
GetModuleHandleW
GetConsoleAliasesA
InitializeCriticalSection
LoadLibraryW
LeaveCriticalSection
lstrcpynW
GetModuleFileNameW
ReleaseActCtx
SetLastError
GetLongPathNameA
SetMailslotInfo
WriteProfileSectionA
SetFileAttributesA
WriteConsoleA
GetProcessWorkingSetSize
LocalAlloc
IsWow64Process
GetFileType
GetModuleFileNameA
EnumDateFormatsA
CreateIoCompletionPort
GetConsoleTitleW
VirtualProtect
GetShortPathNameW
FreeLibrary
MoveFileW
InterlockedIncrement
InterlockedDecrement
Sleep
DeleteCriticalSection
EnterCriticalSection
EncodePointer
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
GetLastError
HeapFree
RtlUnwind
HeapAlloc
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapSize
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
RaiseException
WriteFile
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
MultiByteToWideChar
GetConsoleCP
GetConsoleMode
HeapReAlloc
SetStdHandle
LCMapStringW
WriteConsoleW
FlushFileBuffers
CreateFileW
CloseHandle

advapi32

ClearEventLogA

Sections

.text
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44e37c3e57142a1bf9ece9dbaaa4cd9a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 300KB - Virtual size: 300KB

.data Size: 26KB - Virtual size: 59KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 300KB - Virtual size: 300KB

.data
Size: 26KB - Virtual size: 59KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 7KB - Virtual size: 6KB