2e0b14e7d782dc4b1068cfb1d9f5ebe7ec12a487d3fc6b10fd8f9647e6616f81

Sharing

Copy URL

Twitter E-mail

General

Target

2e0b14e7d782dc4b1068cfb1d9f5ebe7ec12a487d3fc6b10fd8f9647e6616f81
Size

740KB
MD5

34f14ee61c3b816daab138204f797e99
SHA1

2dc2e6d6fb1cad634fbb70dcbf4971349f834534
SHA256

2e0b14e7d782dc4b1068cfb1d9f5ebe7ec12a487d3fc6b10fd8f9647e6616f81
SHA512

1daa767f6b4688d04a8fbd7e9114eed41b41f83139fa354b155316475f4c14d5a67571fe54cb85db883fcb57a150f78cd1de9a45b017cef50c2aa4586e7c5a21
SSDEEP

12288:EyTgm9gsU47TjPM7c9ULrxwS7yoG1XZWOqOBrjdl1zXuG/BCIC9YDV:EUgm9f73M7+ULrm6ydJDqOBrjdl1CG/W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e0b14e7d782dc4b1068cfb1d9f5ebe7ec12a487d3fc6b10fd8f9647e6616f81

Files

2e0b14e7d782dc4b1068cfb1d9f5ebe7ec12a487d3fc6b10fd8f9647e6616f81
.exe windows:6 windows x64 arch:x64

c5a4d9c4e82742490728206996e149c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\user.MAIZE\Desktop\mimikatz-master\mimikatz-master\x64\banana.pdb

Imports

advapi32

CryptReleaseContext
CryptDestroyKey
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
ConvertSidToStringSidW
SystemFunction033
LookupAccountNameW
GetLengthSid
SystemFunction027
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
LsaFreeMemory

cryptdll

CDLocateCheckSum
MD5Init
MD5Update
MD5Final

netapi32

NetApiBufferFree
DsGetDcNameW

ole32

CoInitializeEx
CoUninitialize

secur32

FreeContextBuffer
QueryContextAttributesW

rpcrt4

RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcBindingSetOption
RpcBindingFromStringBindingW
MesHandleFree
MesDecodeIncrementalHandleCreate
RpcBindingFree
NdrMesTypeFree2
RpcStringFreeW
I_RpcGetCurrentCallHandle
NdrServerCall2
NdrClientCall2
I_RpcBindingInqSecurityContext

msasn1

ASN1_CreateEncoder
ASN1BERDotVal2Eoid
ASN1_FreeEncoded
ASN1_CloseModule
ASN1_CreateModule
ASN1_CloseDecoder
ASN1_CreateDecoder
ASN1_CloseEncoder

ntdll

RtlStringFromGUID
RtlGetNtVersionNumbers
RtlGUIDFromString
RtlInitUnicodeString
RtlFreeUnicodeString

kernel32

GetFileSizeEx
FreeEnvironmentStringsW
SetFilePointerEx
WriteConsoleW
SetEnvironmentVariableW
GetStringTypeW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetConsoleMode
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
RtlPcToFileHeader
RaiseException
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwindEx
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetEvent
ExitProcess
ExitThread
SetConsoleCtrlHandler
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
FormatMessageA
GetSystemTime
FreeLibrary
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
WaitForSingleObject
LocalAlloc
GetLastError
LocalFree
FindNextFileW
FindClose
CreateFileW
GetFileAttributesW
CloseHandle
ReadFile
SetLastError
WriteFile
SetFilePointer
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetConsoleOutputCP
SetConsoleOutputCP
GetCurrentProcess
lstrlenW
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTimeAsFileTime
AreFileApisANSI
HeapCreate
HeapFree
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW

Sections

.text
Size: 550KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5a4d9c4e82742490728206996e149c5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

cryptdll

netapi32

ole32

secur32

rpcrt4

msasn1

ntdll

kernel32

Sections

.text Size: 550KB - Virtual size: 549KB

.rdata Size: 129KB - Virtual size: 128KB

.data Size: 12KB - Virtual size: 17KB

.pdata Size: 19KB - Virtual size: 19KB

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 550KB - Virtual size: 549KB

.rdata
Size: 129KB - Virtual size: 128KB

.data
Size: 12KB - Virtual size: 17KB

.pdata
Size: 19KB - Virtual size: 19KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 5KB - Virtual size: 4KB