e01009df04878cde68a9ff6f0923e60eef4d0fd3a7bd3fbcad368ea81697af9e

Sharing

Copy URL

Twitter E-mail

General

Target

e01009df04878cde68a9ff6f0923e60eef4d0fd3a7bd3fbcad368ea81697af9e
Size

2.6MB
MD5

39127a5c36fbf6bfc192853b6c51e41d
SHA1

73750052bc14c1f0017e87e06107c519606b6da0
SHA256

e01009df04878cde68a9ff6f0923e60eef4d0fd3a7bd3fbcad368ea81697af9e
SHA512

3e2887d87f271447d0d3705d3138e1ccf639b50ecc1e0bcffdf7d388830284fe23b81893a5c5826bb981003ab09c5d6647a24ab83441c6b48837018682f00ac0
SSDEEP

49152:VELOpKnXu2dN8L+RXvKaTM+MTHUPDJG4CZqDs4hP7CpIC/:VELOpKXu2dZvKaTs2JGBq44u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e01009df04878cde68a9ff6f0923e60eef4d0fd3a7bd3fbcad368ea81697af9e

Files

e01009df04878cde68a9ff6f0923e60eef4d0fd3a7bd3fbcad368ea81697af9e
.exe windows:5 windows x86 arch:x86

e719c2079836400a1cda41563eee04a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

CopyFileW
MoveFileExW
GetCurrentProcessId
GetLongPathNameW
GetEnvironmentVariableW
GetDriveTypeW
CreateDirectoryW
CreateFileA
WTSGetActiveConsoleSessionId
GlobalAlloc
GlobalFree
LocalAlloc
LocalFree
OpenProcess
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
VirtualAlloc
VirtualFree
GetCurrentThreadId
TerminateThread
Sleep
lstrcmpiW
GetModuleHandleW
ProcessIdToSessionId
GetTickCount
GetSystemInfo
VirtualProtect
SetLastError
GetNativeSystemInfo
LoadLibraryA
IsBadReadPtr
CreateThread
InitializeCriticalSection
FindClose
LeaveCriticalSection
SetEvent
CreateEventW
GetLocalTime
FindNextFileW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
FindNextFileA
FindFirstFileA
ReadFile
WriteFile
GetFileSize
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
DeleteFileA
WritePrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
lstrlenW
GetPrivateProfileStringW
GetVolumeInformationW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
SetPriorityClass
FindResourceW
SizeofResource
LoadResource
LockResource
GetSystemWindowsDirectoryW
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteFileW
FindFirstFileW
GetFileAttributesExW
GetFileAttributesW
GetTempPathW
lstrcpyW
FileTimeToSystemTime
ResetEvent
SystemTimeToFileTime
GetSystemTime
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
GetModuleHandleExW
VerifyVersionInfoA
GetSystemDirectoryA
CreateFileW
OutputDebugStringA
CloseHandle
DeviceIoControl
GetLastError
GetCurrentProcess
EnterCriticalSection
GetModuleHandleA
VerSetConditionMask
ExpandEnvironmentStringsA
PeekNamedPipe
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
FlushFileBuffers
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
GetACP
SetConsoleCtrlHandler
ExitProcess
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
ExitThread
RtlUnwind
WaitForSingleObjectEx
GetCurrentThread
QueryPerformanceCounter
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
FormatMessageA
SleepEx
WaitForMultipleObjects
GetFileType
GetStdHandle

user32

wsprintfW
MessageBoxW
GetUserObjectInformationW
LoadStringW
GetProcessWindowStation

advapi32

CryptAcquireContextW
CryptGenRandom
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
CreateProcessAsUserW
LookupPrivilegeValueW
SetTokenInformation
DuplicateTokenEx
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CryptReleaseContext

shell32

SHGetFolderPathW
SHChangeNotify
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

psapi

EnumProcesses
GetProcessImageFileNameW

shlwapi

PathAddBackslashW
StrStrIW
SHGetValueW
PathAppendW
SHGetValueA
SHDeleteKeyW
SHDeleteValueW
PathFileExistsW
SHSetValueW

wldap32

ord50
ord60
ord211
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord46
ord22
ord143
ord41

wtsapi32

WTSQueryUserToken

ws2_32

setsockopt
WSAStartup
WSACleanup
recv
send
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
socket
WSAIoctl
gethostname
ioctlsocket
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept

wininet

InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
InternetQueryOptionW
InternetCloseHandle

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 545KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e719c2079836400a1cda41563eee04a2

Headers

DLL Characteristics

File Characteristics

Imports

userenv

kernel32

user32

advapi32

shell32

ole32

psapi

shlwapi

wldap32

wtsapi32

ws2_32

wininet

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 545KB - Virtual size: 544KB

.data Size: 24KB - Virtual size: 55KB

.gfids Size: 512B - Virtual size: 492B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 203KB - Virtual size: 202KB

.reloc Size: 148KB - Virtual size: 152KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 545KB - Virtual size: 544KB

.data
Size: 24KB - Virtual size: 55KB

.gfids
Size: 512B - Virtual size: 492B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 203KB - Virtual size: 202KB

.reloc
Size: 148KB - Virtual size: 152KB