567fb69d76ea237159c02b5a4e4ebe4be9571d506cc8cf38637f055800055608N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

567fb69d76ea237159c02b5a4e4ebe4be9571d506cc8cf38637f055800055608N.exe
Size

140KB
MD5

cd75e2ac31727e8476ea3d45cc4b4f70
SHA1

2a9481617dd6ec0b1b61a047dfc5bc72cb1111e6
SHA256

567fb69d76ea237159c02b5a4e4ebe4be9571d506cc8cf38637f055800055608
SHA512

a2e11f6a5449dc9ce00e048c7fa2f8ce03d65d569404c9c888c03dd011d2e6cca4521348105e497aaed391cb124a247657a08d4c0e8671619974205cf779a591
SSDEEP

1536:rBC8cGhP4h1QlBR5szrAMty3KntgmaGSR1EbsQI1mhiMBUroMhF:rBC81V4Iz0r7ty3KlaPEbsQIxrDf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
567fb69d76ea237159c02b5a4e4ebe4be9571d506cc8cf38637f055800055608N.exe

Files

567fb69d76ea237159c02b5a4e4ebe4be9571d506cc8cf38637f055800055608N.exe
.dll windows:4 windows x86 arch:x86

1dd8cd43b684daaa7a1f5222e01e66d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

d3d9

Direct3DCreate9

kernel32

LoadLibraryW
FreeLibrary
VerifyVersionInfoW
VerSetConditionMask
Sleep
GetModuleHandleW
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetProcAddress
GetStdHandle
HeapAlloc
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
WriteFile
GetModuleFileNameA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
RtlUnwind
LoadLibraryA
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA

user32

DestroyWindow
RegisterClassExW
CreateWindowExW
UnregisterClassW
ReleaseDC
GetClientRect
GetDC
DefWindowProcW
ShowWindow

gdi32

GetStockObject
DeleteDC
CreateCompatibleDC

Exports

Exports

ULPSCheck
ULPSClose
ULPSCloseD3D
ULPSOpen
ULPSWait

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1dd8cd43b684daaa7a1f5222e01e66d5

Headers

File Characteristics

Imports

d3d9

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 5KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 5KB

.rmnet
Size: 60KB - Virtual size: 60KB