e2f1b2ca651c59bd48dd8c169fc105c4c14b6d17969b15cf673a0e25197ab61c

Sharing

Copy URL

Twitter E-mail

General

Target

e2f1b2ca651c59bd48dd8c169fc105c4c14b6d17969b15cf673a0e25197ab61c
Size

610KB
MD5

bda48bb6042dd7189d8b5dae919fc944
SHA1

1a0678ca6c5693248525fdb035139e436c62a260
SHA256

e2f1b2ca651c59bd48dd8c169fc105c4c14b6d17969b15cf673a0e25197ab61c
SHA512

73e1ed76d4ee95225bb8aedcd7f4fb1f26fc28a32f842d2e89fda9ba8c9ececdd58f6b29d85594e891cc685da8512a6f32bc9dc04b058387e2903824337a590a
SSDEEP

12288:JUTR2X4HpZYlZo4bTArjLfFwkYSy/cu3/uvTeOTH86R8/oPTncLgRs2AV:In7Yro4bOjLfSfSy/v3/ITeOY68/Mcgk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2f1b2ca651c59bd48dd8c169fc105c4c14b6d17969b15cf673a0e25197ab61c

Files

e2f1b2ca651c59bd48dd8c169fc105c4c14b6d17969b15cf673a0e25197ab61c
.exe windows:6 windows x86 arch:x86

3747ebdaa2d6aee8eba20289f8ab6879

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\user.MAIZE\Desktop\mimikatz-master\mimikatz-master\Win32\banana.pdb

Imports

advapi32

CryptReleaseContext
CryptDestroyKey
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
ConvertSidToStringSidW
SystemFunction033
LookupAccountNameW
GetLengthSid
SystemFunction027
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
LsaFreeMemory

cryptdll

CDLocateCheckSum
MD5Init
MD5Update
MD5Final

netapi32

DsGetDcNameW
NetApiBufferFree

ole32

CoInitializeEx
CoUninitialize

secur32

FreeContextBuffer
QueryContextAttributesW

rpcrt4

RpcBindingSetOption
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
RpcStringFreeW
MesHandleFree
MesDecodeIncrementalHandleCreate
RpcBindingFree
RpcBindingFromStringBindingW
NdrMesTypeFree2
I_RpcGetCurrentCallHandle
NdrClientCall2
NdrServerCall2
I_RpcBindingInqSecurityContext

msasn1

ASN1_CreateEncoder
ASN1BERDotVal2Eoid
ASN1_FreeEncoded
ASN1_CloseModule
ASN1_CreateModule
ASN1_CloseDecoder
ASN1_CreateDecoder
ASN1_CloseEncoder

ntdll

RtlStringFromGUID
RtlGetNtVersionNumbers
RtlGUIDFromString
RtlInitUnicodeString
RtlFreeUnicodeString

kernel32

GetFileSizeEx
FreeEnvironmentStringsW
SetFilePointerEx
WriteConsoleW
SetEnvironmentVariableW
GetStringTypeW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetConsoleMode
LCMapStringW
CompareStringW
GetFileType
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
RaiseException
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetEvent
ExitProcess
ExitThread
SetConsoleCtrlHandler
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
FormatMessageA
GetSystemTime
FreeLibrary
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
LocalAlloc
GetLastError
LocalFree
FindNextFileW
FindClose
CreateFileW
GetFileAttributesW
CloseHandle
ReadFile
SetLastError
WriteFile
SetFilePointer
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetConsoleOutputCP
SetConsoleOutputCP
GetCurrentProcess
lstrlenW
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTimeAsFileTime
AreFileApisANSI
HeapCreate
HeapFree
GetFullPathNameW
DecodePointer

Sections

.text
Size: 467KB - Virtual size: 467KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3747ebdaa2d6aee8eba20289f8ab6879

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

cryptdll

netapi32

ole32

secur32

rpcrt4

msasn1

ntdll

kernel32

Sections

.text Size: 467KB - Virtual size: 467KB

.rdata Size: 97KB - Virtual size: 96KB

.data Size: 7KB - Virtual size: 11KB

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 467KB - Virtual size: 467KB

.rdata
Size: 97KB - Virtual size: 96KB

.data
Size: 7KB - Virtual size: 11KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 14KB - Virtual size: 14KB