2d585f1dfae193aa75db1ef0425369d74d99ff3368c251be14b2c7da9ac6c90e

Sharing

Copy URL

Twitter E-mail

General

Target

2d585f1dfae193aa75db1ef0425369d74d99ff3368c251be14b2c7da9ac6c90e
Size

132KB
MD5

56734e24488402970159e1efcf622dd5
SHA1

0362922dd3cb5bc18e8c46a2af12c9a7d3abab1d
SHA256

2d585f1dfae193aa75db1ef0425369d74d99ff3368c251be14b2c7da9ac6c90e
SHA512

bc240ecd8c443699f0f790154e3f771f88d0c9223a5b0fcdf390fa65856819d546ff117f697436581798ec0f8f51904b33608281c95318bda87abe12ccf97bbb
SSDEEP

3072:rzkefle3HGeg+JENu3BJI2r57g/y/PRJQJF4O1VmVwG8xq:/dfle2eg9NubtJ/PRJQuV8xq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a4ecbb73af38b20242d90d0fb6a7dd82371298a6ea938987f1a2b7f429dfb557.exe

Files

2d585f1dfae193aa75db1ef0425369d74d99ff3368c251be14b2c7da9ac6c90e
.zip

Password: infected
a4ecbb73af38b20242d90d0fb6a7dd82371298a6ea938987f1a2b7f429dfb557.exe
.exe windows:5 windows x86 arch:x86

c593c1e9759e1ecc9bbe38d490441787

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\fikadoyitaf35\xidisihixezufo wab9_vububuganisak6\tujugifoji.pdb

Imports

kernel32

CreateFileW
VirtualAlloc
GetConsoleAliasA
SetComputerNameW
GetSystemWindowsDirectoryA
GlobalUnlock
FindFirstVolumeMountPointW
CreateDirectoryExA
DeleteAtom
GetLogicalDriveStringsA
ReadConsoleInputW
GetTempPathA
GetCurrentDirectoryW
DebugBreak
LCMapStringA
GetProcAddress
LocalAlloc
GetBinaryTypeA
SetThreadUILanguage
GetHandleInformation
EndUpdateResourceA
FindNextFileA
FindFirstVolumeA
GetConsoleTitleW
GlobalFlags
GetModuleHandleA
CopyFileA
lstrlenA
UpdateResourceW
CreateActCtxA
DeleteVolumeMountPointA
MoveFileWithProgressA
CreateMailslotW
WriteConsoleInputA
InterlockedExchangeAdd
EnumTimeFormatsA
FindFirstFileW
FreeEnvironmentStringsW
VerifyVersionInfoW
GetTickCount
SetLastError
GetLastError
CopyFileExA
CreateFileA
SetStdHandle
FillConsoleOutputAttribute
GetNumberOfConsoleInputEvents
CompareStringA
LoadLibraryW
LoadLibraryA
WriteConsoleW
GetConsoleOutputCP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteFileA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapFree
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RaiseException
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleA

user32

GetCursorInfo
GetMenuInfo

gdi32

GetCharWidth32A
GetCharABCWidthsA
GetColorAdjustment
GetBrushOrgEx

winhttp

WinHttpSetOption

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 39.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

c593c1e9759e1ecc9bbe38d490441787

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winhttp

Sections

.text Size: 85KB - Virtual size: 85KB

.data Size: 69KB - Virtual size: 39.5MB

.rsrc Size: 52KB - Virtual size: 52KB

.text
Size: 85KB - Virtual size: 85KB

.data
Size: 69KB - Virtual size: 39.5MB

.rsrc
Size: 52KB - Virtual size: 52KB