dfb357dbf654ddbfba371764c3f366f8a8c26f8f53fd93bf1bb71d06391d437d

Sharing

Copy URL

Twitter E-mail

General

Target

dfb357dbf654ddbfba371764c3f366f8a8c26f8f53fd93bf1bb71d06391d437d
Size

643KB
MD5

4e836f5f7fcd41893dc32a1b99f41838
SHA1

64da6e2f95dffdaf7d147409033db90ccc5a17e0
SHA256

dfb357dbf654ddbfba371764c3f366f8a8c26f8f53fd93bf1bb71d06391d437d
SHA512

65a4b53f3ed6bfc03d6f9943f50a600fd91ac22fb99562d04fdf190aa7f48f3072f3b9ed7579d084b35c8c6a254e62f72056f35344bb6ad08dea54763fdb747d
SSDEEP

12288:kE26B9+Ws/1K5mM1TceerFVNaI75gZInQi8r/pf:kE26YZAAM5C1guQi8r/F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfb357dbf654ddbfba371764c3f366f8a8c26f8f53fd93bf1bb71d06391d437d

Files

dfb357dbf654ddbfba371764c3f366f8a8c26f8f53fd93bf1bb71d06391d437d
.exe windows:5 windows x86 arch:x86

c89fa0fbb6dd19b6f87e76ed81a7fac4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gorelinosupo_xozonekike difagiwako-cipecugi-xevokilenifejubojoye.pdb

Imports

kernel32

CreateJobObjectA
SetProcessPriorityBoost
WriteConsoleW
GetVolumeInformationA
GetSystemPowerStatus
DeleteVolumeMountPointW
Sleep
GetDefaultCommConfigW
CreateMutexW
GetStdHandle
InterlockedDecrement
GetSystemTimeAdjustment
FileTimeToSystemTime
GetNamedPipeHandleStateA
CallNamedPipeW
EnumResourceNamesW
BuildCommDCBAndTimeoutsA
EnterCriticalSection
DebugSetProcessKillOnExit
EnumTimeFormatsW
TlsSetValue
GetACP
WriteFile
GetCurrentActCtx
ReleaseActCtx
AddRefActCtx
GetHandleInformation
VerifyVersionInfoA
GetVersionExA
FreeLibrary
LoadLibraryExW
GetComputerNameW
CommConfigDialogA
BuildCommDCBAndTimeoutsW
VirtualProtect
lstrcatA
LoadLibraryA
LocalAlloc
SetEndOfFile
CancelWaitableTimer
GetCurrentDirectoryW
GetCommMask
HeapSize
RaiseException
GetBinaryTypeA
GlobalSize
SetConsoleMode
GetLargestConsoleWindowSize
MoveFileW
SetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
WriteConsoleInputW
OpenMutexW
GetThreadContext
AddAtomA
FindVolumeMountPointClose
SetSystemTime
GetCommandLineW
SetLocalTime
GetLastError
GetSystemTimeAsFileTime
DisconnectNamedPipe
SetConsoleCursorInfo
TerminateProcess
GetFileAttributesW
SetLastError
lstrlenA
CompareStringW
CompareStringA
DeleteFileA
RtlUnwind
GetCommandLineA
GetStartupInfoA
HeapFree
HeapAlloc
LeaveCriticalSection
SetHandleCount
GetFileType
DeleteCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetCurrentThread
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
FatalAppExitA
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetOEMCP
IsValidCodePage
MultiByteToWideChar
SetConsoleCtrlHandler
InterlockedExchange
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
ReadFile
SetFilePointer
GetLocaleInfoW
CloseHandle
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
GetTimeZoneInformation
CreateFileA
SetEnvironmentVariableA

user32

GetComboBoxInfo

Exports

Exports

_lifan@8

Sections

.text
Size: 434KB - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jeweg
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nusejuv
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tohe
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c89fa0fbb6dd19b6f87e76ed81a7fac4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 434KB - Virtual size: 434KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 11KB - Virtual size: 4.0MB

.jeweg Size: 512B - Virtual size: 1B

.tls Size: 512B - Virtual size: 193B

.nusejuv Size: 1024B - Virtual size: 741B

.tohe Size: 512B - Virtual size: 1B

.rsrc Size: 19KB - Virtual size: 19KB

.text
Size: 434KB - Virtual size: 434KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 11KB - Virtual size: 4.0MB

.jeweg
Size: 512B - Virtual size: 1B

.tls
Size: 512B - Virtual size: 193B

.nusejuv
Size: 1024B - Virtual size: 741B

.tohe
Size: 512B - Virtual size: 1B

.rsrc
Size: 19KB - Virtual size: 19KB