PDB path: C:\puzobekoriwu-yoxicuxovomo\bolim.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: d5acb2ef686a1777115b331df661aaf9cbf999f3dd13b7bd0f4d8c65098d0a07.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d5acb2ef686a1777115b331df661aaf9cbf999f3dd13b7bd0f4d8c65098d0a07.exe
  Resource: win10v2004-20241007-en
General
- Target: d5acb2ef686a1777115b331df661aaf9cbf999f3dd13b7bd0f4d8c65098d0a07
- Size: 319KB
- MD5: fb573bdb3905fb64d15d99cb3af6986a
- SHA1: ef295102756aadf6ec0a10a4c1d7ad386e55e9fa
- SHA256: d5acb2ef686a1777115b331df661aaf9cbf999f3dd13b7bd0f4d8c65098d0a07
- SHA512: 5fefe413672dc337d53d471687629156472d8e47c966e08cee085f50d6c73bb64a634643a26ea8f87b8dee949b406dd066aae073d54e4bb1b84506db13fcf1f4
- SSDEEP: 6144:KwvLTg1U3vdznN2ZEpeipw6xcU9peX2ZgAPPsyX8cXB:K8AwvdNUUxxemZPPs25B
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource d5acb2ef686a1777115b331df661aaf9cbf999f3dd13b7bd0f4d8c65098d0a07
Files
- d5acb2ef686a1777115b331df661aaf9cbf999f3dd13b7bd0f4d8c65098d0a07.exe windows:5 windows x86 arch:x86
  8a40b8109280cbdf5d118986dd06a109
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetModuleHandleExA
DeleteVolumeMountPointA
MoveFileExW
OpenJobObjectA
CreateJobObjectW
GetProcessPriorityBoost
GetModuleHandleW
FindNextVolumeMountPointA
GetConsoleAliasesA
EscapeCommFunction
GetWindowsDirectoryA
SetFileShortNameW
LoadLibraryW
Sleep
GetConsoleAliasExesLengthW
GetFileAttributesA
GlobalFlags
GetBinaryTypeW
GetStringTypeExA
GetLastError
GetProcAddress
VirtualAlloc
EnterCriticalSection
CreateSemaphoreW
WriteConsoleA
InterlockedExchangeAdd
LocalAlloc
GetProfileStringA
QueryDosDeviceW
WriteProfileSectionW
GetOEMCP
EnumDateFormatsA
GetModuleHandleA
GetStringTypeW
EndUpdateResourceA
GetVersionExA
FindAtomW
GetWindowsDirectoryW
CreateFileA
CloseHandle
GetStringTypeA
HeapFree
ExitProcess
GetStartupInfoW
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
HeapAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetFilePointer
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
IsValidCodePage
SetStdHandle
FlushFileBuffers
HeapSize
GetLocaleInfoA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
user32
GetCaretBlinkTime
LoadIconA
CharLowerBuffW
CopyAcceleratorTableA
LoadMenuW
GetSysColorBrush
GetMenuInfo
SetCaretPos
winhttp
WinHttpSetOption
Sections
.text Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 189KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ruzi Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rew Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tujinil Size: 1024B - Virtual size: 723B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vugey Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ