a620f7eb04ed1c6a4cdb0a9156d4e91bede3e404a9c97cb7825eab90311c2179

Sharing

Copy URL

Twitter E-mail

General

Target

a620f7eb04ed1c6a4cdb0a9156d4e91bede3e404a9c97cb7825eab90311c2179
Size

1.1MB
MD5

6135580e167df7532b64f85ad09a9a9f
SHA1

c42e062a40a89d41081428af6c50119286996351
SHA256

a620f7eb04ed1c6a4cdb0a9156d4e91bede3e404a9c97cb7825eab90311c2179
SHA512

0a0932a6607f8cc2b368ad2a18d473186a33a9192de535bb4e1743462b1681960f9785634142ad0cb673b1750191e8b4e0797a77f5e169a992227d2149ed07df
SSDEEP

24576:CWBMLsofhfaUjLsEjc1mJGITY/49JGdHtQ9gETEDSGz9BZRN9s:hBXWfawjemJGuY/4Cy9jIWGLZRU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a460f28077b388b7191a1fabbc759d4c242c46336a3cd94d62d9d6a12a5d791f.exe

Files

a620f7eb04ed1c6a4cdb0a9156d4e91bede3e404a9c97cb7825eab90311c2179
.zip

Password: infected
a460f28077b388b7191a1fabbc759d4c242c46336a3cd94d62d9d6a12a5d791f.exe
.exe windows:5 windows x86 arch:x86

8b512f0a0b2cd54ff600ee8ace8b2bd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\zen\nuheweca.pdb

Imports

kernel32

SetDefaultCommConfigW
CreateHardLinkA
GetConsoleAliasesA
LoadLibraryW
_hread
IsBadCodePtr
CreateEventA
FormatMessageW
GetStringTypeExW
GetExitCodeProcess
GetFileAttributesW
WriteConsoleW
WritePrivateProfileSectionW
GetLogicalDriveStringsA
ChangeTimerQueueTimer
SetLastError
GetProcAddress
GlobalAddAtomA
EnumSystemCodePagesW
LocalAlloc
FoldStringA
FreeEnvironmentStringsW
VirtualProtect
GetWindowsDirectoryW
GetFileInformationByHandle
GlobalReAlloc
InterlockedPushEntrySList
LCMapStringW
CloseHandle
CreateFileA
HeapSize
lstrcpynA
CallNamedPipeA
VirtualAlloc
GetVolumeNameForVolumeMountPointA
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentStringsW
GetCommandLineW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
MultiByteToWideChar
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
RaiseException

user32

ClientToScreen
LoadMenuA
InvalidateRgn
GetMenuInfo
MessageBoxIndirectW
CountClipboardFormats
SetScrollInfo

gdi32

GetGlyphIndicesW

advapi32

RegOpenKeyA

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 38.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

8b512f0a0b2cd54ff600ee8ace8b2bd0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 9KB - Virtual size: 38.7MB

.rsrc Size: 106KB - Virtual size: 105KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 9KB - Virtual size: 38.7MB

.rsrc
Size: 106KB - Virtual size: 105KB

.reloc
Size: 32KB - Virtual size: 32KB