e11547db899baadb5a40d9e624779d42a76ae3a7f3fcfe69c94e9e0d4783c32e[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

e11547db899baadb5a40d9e624779d42a76ae3a7f3fcfe69c94e9e0d4783c32e.exe
Size

1.3MB
MD5

18daabe5d418c11ea9f4dbcfe0f0ff68
SHA1

ea9469bcc21a1d90cc6282740634221c3cc4dd2a
SHA256

e11547db899baadb5a40d9e624779d42a76ae3a7f3fcfe69c94e9e0d4783c32e
SHA512

e9d8ac0524df841e2b3517c8d431c5ea261f8dfbf56d3f4965a0bfdbc9637be67e586437bfbf8487d070ee1c38daddfce300f13e8ef8e4484a6fa6219492a7f0
SSDEEP

24576:3GVHktlw0r6ZbU+7qe2EjSIgVVdHMuK1PrVhNRW/urkDmWcq8bwERy:uHGw9d37qcjSIkHe1zVhDWq+fcqSwEk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
e11547db899baadb5a40d9e624779d42a76ae3a7f3fcfe69c94e9e0d4783c32e.exe

Files

e11547db899baadb5a40d9e624779d42a76ae3a7f3fcfe69c94e9e0d4783c32e.exe
.dll windows:6 windows x86 arch:x86

79b69b9f07c88ba59b2b543cb6c8b4ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\565\and\subject\door-Ease\cross\direct.pdb

Imports

kernel32

HeapReAlloc
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
CreateFileW
WriteConsoleW
HeapSize
SetEndOfFile
GlobalUnlock
IsBadReadPtr
TlsGetValue
RemoveDirectoryA
GetWindowsDirectoryA
GlobalFree
GlobalAlloc
TlsAlloc
GetSystemDirectoryA
GetCurrentDirectoryA
GetEnvironmentVariableA
SetErrorMode
VirtualProtect
GetLastError
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
ReadFile
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
HeapAlloc
HeapFree
CloseHandle
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
WriteFile
GetConsoleCP

user32

ValidateRect
BeginPaint
ReleaseDC
PostMessageA
CallNextHookEx
InvalidateRect
GetClassInfoExA
MapWindowPoints
GetWindowLongA
GetSystemMetrics
EnumWindows
DefWindowProcW
DestroyMenu

ole32

OleUninitialize
OleSetContainedObject
OleInitialize

secur32

AcquireCredentialsHandleA
AcceptSecurityContext
FreeContextBuffer
InitializeSecurityContextA
FreeCredentialsHandle

clusapi

GetClusterResourceTypeKey
SetClusterGroupNodeList
GetClusterResourceState
GetClusterNetInterfaceKey
GetClusterFromNode
GetClusterGroupKey
SetClusterNetworkPriorityOrder
GetClusterNetworkKey
OpenClusterGroup
SetClusterNetworkName
GetClusterResourceNetworkName
SetClusterQuorumResource
OpenCluster
GetClusterInformation
GetClusterNotify
GetClusterQuorumResource
GetClusterNodeKey
GetClusterKey
MoveClusterGroup
SetClusterName
OpenClusterNetwork
RemoveClusterResourceDependency
GetClusterFromResource
GetClusterNodeState
RemoveClusterResourceNode
SetClusterGroupName
OpenClusterNetInterface
SetClusterResourceName
GetClusterNetInterface
GetNodeClusterState
GetClusterNetInterfaceState
GetClusterFromNetwork
GetClusterNodeId
OnlineClusterGroup
OpenClusterResource
OfflineClusterGroup
GetClusterGroupState
OnlineClusterResource
OfflineClusterResource
ResumeClusterNode
GetClusterResourceKey
SetClusterServiceAccountPassword
OpenClusterNode
RegisterClusterNotify
RestoreClusterDatabase
PauseClusterNode
GetClusterNetworkId
GetClusterNetworkState

Exports

Exports

Exceptthin
Firefour
Full

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 621KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 898B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79b69b9f07c88ba59b2b543cb6c8b4ec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

secur32

clusapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 183KB - Virtual size: 182KB

.data Size: 4KB - Virtual size: 621KB

.rsrc Size: 1024B - Virtual size: 898B

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 183KB - Virtual size: 182KB

.data
Size: 4KB - Virtual size: 621KB

.rsrc
Size: 1024B - Virtual size: 898B

.reloc
Size: 10KB - Virtual size: 9KB