d887994378a4b8725b228a15b57fa8eace51fa60419f23852685ee7dfab5948a

Sharing

Copy URL

Twitter E-mail

General

Target

d887994378a4b8725b228a15b57fa8eace51fa60419f23852685ee7dfab5948a
Size

115KB
MD5

e089630e4b0ccdd3f8a68b8468774e2e
SHA1

1c26009ffb2ec5b949b5480265d67c18fd505ef8
SHA256

d887994378a4b8725b228a15b57fa8eace51fa60419f23852685ee7dfab5948a
SHA512

c3d06c62976ca9f6c6dabc89d753c6cbddaf61d879ed56ae0b930c4d16b38bb9c87bdf84fad14150d0cd6f9992c7321764dcd8b87332605b6407d7e511c8966c
SSDEEP

3072:cpCyitQSJTkqryzluhOIEudNJjD6JI6bgy0fI:mtLpukQn6UyL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/16185d5dba15b2f274dda94372c6b15d986117429b8b4c831f7b81220a7de695.exe

Files

d887994378a4b8725b228a15b57fa8eace51fa60419f23852685ee7dfab5948a
.zip

Password: infected
16185d5dba15b2f274dda94372c6b15d986117429b8b4c831f7b81220a7de695.exe
.exe windows:5 windows x86 arch:x86

2342193280c3712766dd79403d9dec39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\siso7\jopac\bularovex\yiwe73\jac87 mexayey-cidu\tomon.pdb

Imports

kernel32

LoadLibraryW
GetVolumeInformationA
EnumSystemCodePagesA
LocalFree
FindNextFileW
TlsGetValue
CopyFileExA
MoveFileWithProgressW
SetVolumeLabelA
GetFirmwareEnvironmentVariableA
VerifyVersionInfoW
QueryDosDeviceW
EnumCalendarInfoExW
LocalFlags
VirtualProtect
TlsSetValue
CreateFileA
MapViewOfFile
GetWindowsDirectoryW
GetModuleHandleA
VirtualAlloc
IsBadReadPtr
CreateMemoryResourceNotification
WriteConsoleInputW
FindNextVolumeMountPointW
OpenWaitableTimerW
LocalReAlloc
FindResourceA
SearchPathA
RequestWakeupLatency
CallNamedPipeA
GetProcAddress
LoadLibraryA
GlobalAlloc
SetFileTime
GetVolumeNameForVolumeMountPointA
SetCalendarInfoA
GetModuleHandleW
TerminateThread
GetSystemWindowsDirectoryW
MoveFileA
ResetWriteWatch
GetMailslotInfo
SetThreadUILanguage
GetDiskFreeSpaceExA
SetVolumeMountPointA
GetOEMCP
SetProcessAffinityMask
GlobalFindAtomW
InterlockedIncrement
InterlockedExchangeAdd
CancelTimerQueueTimer
ZombifyActCtx
InitializeCriticalSection
FindNextVolumeW
LeaveCriticalSection
HeapQueryInformation
InterlockedExchange
SetConsoleTitleA
GetPrivateProfileStructW
InterlockedCompareExchange
GetConsoleAliasExesLengthA
EnumCalendarInfoW
InterlockedDecrement
GetEnvironmentStringsW
GetTickCount
SetLastError
AddAtomA
Sleep
DeleteCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetLastError
DeleteFileA
GetStartupInfoW
HeapFree
HeapAlloc
TlsAlloc
TlsFree
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
GetCPInfo
GetACP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
ReadFile
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CloseHandle

user32

GetAltTabInfoA

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

2342193280c3712766dd79403d9dec39

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 80KB - Virtual size: 80KB

.data Size: 70KB - Virtual size: 1.5MB

.rsrc Size: 22KB - Virtual size: 21KB

.text
Size: 80KB - Virtual size: 80KB

.data
Size: 70KB - Virtual size: 1.5MB

.rsrc
Size: 22KB - Virtual size: 21KB