0e4613e0a83c6333c44f0ce68a693e3efd0d7764951135e3603aa2f97eb82018

Sharing

Copy URL

Twitter E-mail

General

Target

0e4613e0a83c6333c44f0ce68a693e3efd0d7764951135e3603aa2f97eb82018
Size

416KB
MD5

bcb294deec71d70c20d8c83af2cd8ef1
SHA1

5be5be492059a177dd32c861bd7e09410546c017
SHA256

0e4613e0a83c6333c44f0ce68a693e3efd0d7764951135e3603aa2f97eb82018
SHA512

99311e145476578af22e86f0f323b9f5e48bc8a3f95628522bf2756cafbebf9234e69bd2552aa0854b5c57191cdbcb966656297057df599655c3c859084e4f46
SSDEEP

6144:Fn7vye1hX9DYGBjgQhR7cG+sgkokddTZ1aHbP1/k4Wy/adMgDRy+DoK:F7hTXFPBjgQhUsNPdv1KVPR/anNf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e4613e0a83c6333c44f0ce68a693e3efd0d7764951135e3603aa2f97eb82018

Files

0e4613e0a83c6333c44f0ce68a693e3efd0d7764951135e3603aa2f97eb82018
.exe windows:5 windows x86 arch:x86

79308deed746567d711b667ee2d6efa1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\fiwoyo\wukus89-kef51 baked83-vumili\dexu.pdb

Imports

kernel32

WriteProfileSectionA
SetLocaleInfoA
FindFirstVolumeA
FlushConsoleInputBuffer
HeapWalk
FindFirstChangeNotificationA
PulseEvent
GetNamedPipeHandleStateW
CompareFileTime
EnumResourceTypesA
EnumResourceNamesA
FillConsoleOutputCharacterW
GetTimeZoneInformation
TerminateThread
SignalObjectAndWait
GetVersionExW
VerifyVersionInfoA
QueryDepthSList
SetEvent
FindNextFileA
BuildCommDCBAndTimeoutsA
GetCompressedFileSizeA
CopyFileExW
ReadConsoleOutputCharacterA
SetDefaultCommConfigW
VerLanguageNameA
EscapeCommFunction
WritePrivateProfileStructA
FreeEnvironmentStringsA
CreateTimerQueue
FindNextVolumeMountPointA
ResetWriteWatch
WriteConsoleInputA
SetComputerNameExA
FindAtomA
LoadResource
GetThreadPriority
CallNamedPipeW
BuildCommDCBAndTimeoutsW
VirtualProtect
GetModuleHandleA
LocalAlloc
GlobalUnfix
GetProfileSectionW
GetCommandLineA
InterlockedExchange
FindFirstChangeNotificationW
GetCalendarInfoA
ReleaseActCtx
OutputDebugStringW
FormatMessageA
SetDllDirectoryW
WritePrivateProfileStringA
GetUserDefaultLangID
GlobalFix
GetVersionExA
HeapValidate
InterlockedCompareExchange
CopyFileA
GetLastError
SetCalendarInfoW
DebugBreak
SetConsoleTextAttribute
SetLastError
GetSystemWow64DirectoryW
GetStartupInfoW
DisconnectNamedPipe
GetComputerNameExW
GetPrivateProfileSectionNamesA
ContinueDebugEvent
InterlockedExchangeAdd
GetSystemWindowsDirectoryW
CopyFileW
GetACP
GetPrivateProfileStringA
CreateActCtxA
GetConsoleAliasW
OutputDebugStringA
lstrlenA
WriteConsoleA
GetPrivateProfileSectionNamesW
GlobalWire
FormatMessageW
GetSystemTimeAsFileTime
EnumCalendarInfoA
SetThreadAffinityMask
VerSetConditionMask
CreateConsoleScreenBuffer
GetSystemWindowsDirectoryA
GetProfileStringW
CreateIoCompletionPort
AllocConsole
GlobalGetAtomNameW
SetComputerNameW
GetConsoleAliasExesLengthW
WriteConsoleInputW
CreateMailslotW
GetCommState
SetThreadContext
GetSystemTimeAdjustment
_lwrite
_lopen
EnumSystemLocalesW
GetConsoleAliasExesLengthA
MoveFileA
GetWriteWatch
OpenSemaphoreW
GetPrivateProfileStringW
DeleteAtom
EnumDateFormatsA
LoadLibraryW
WriteConsoleOutputCharacterA
TlsFree
GetProfileSectionA
CreateActCtxW
CreateJobSet
CancelDeviceWakeupRequest
AreFileApisANSI
OpenWaitableTimerA
OpenFileMappingA
SetProcessAffinityMask
GetConsoleAliasesLengthW
SetProcessShutdownParameters
FillConsoleOutputCharacterA
FindNextVolumeMountPointW
SetThreadPriority
ReadConsoleA
AddAtomA
WriteConsoleOutputCharacterW
GetNumberFormatW
GetConsoleAliasExesA
GetBinaryTypeA
EnterCriticalSection
InitializeCriticalSection
GetCPInfoExW
LoadLibraryA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteFileA
RaiseException
GetStartupInfoA
IsBadReadPtr
DeleteCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetProcAddress
SetStdHandle
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetModuleHandleW
Sleep
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleFileNameA
GetStdHandle
SetHandleCount
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetOEMCP
GetCPInfo
IsValidCodePage
RtlUnwind
InitializeCriticalSectionAndSpinCount
WriteConsoleW
GetConsoleOutputCP
MultiByteToWideChar
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
CloseHandle
FlushFileBuffers

gdi32

GetBitmapBits

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79308deed746567d711b667ee2d6efa1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

Sections

.text Size: 192KB - Virtual size: 192KB

.data Size: 182KB - Virtual size: 736KB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 192KB - Virtual size: 192KB

.data
Size: 182KB - Virtual size: 736KB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 17KB - Virtual size: 16KB