56be81e4170f3c4077c11fc094e593737690110a9bafa16b623e680ff4c0b387

Sharing

Copy URL

Twitter E-mail

General

Target

56be81e4170f3c4077c11fc094e593737690110a9bafa16b623e680ff4c0b387
Size

242KB
MD5

46d335c5ac5b074bd1e1a96a10706a70
SHA1

67126a2262b8bae92a1542f0c79ef4220f8a4c99
SHA256

56be81e4170f3c4077c11fc094e593737690110a9bafa16b623e680ff4c0b387
SHA512

78df3b00d0e51c65949c890b2e9eb3859914bae2375fb63005b081d21e0f28e38b90d0be6fcaf382123e09abf9b15e3ea09799b658add51e75057b17ec36e2b9
SSDEEP

6144:cYUOLxSH61sv7t86m49F/4jXGpZ13H1TugPAPO4syfI:C+1u/F2IZtdug43siI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d.exe

Files

56be81e4170f3c4077c11fc094e593737690110a9bafa16b623e680ff4c0b387
.zip

Password: infected
d.exe
.exe windows:1 windows x86 arch:x86

5a16c1f9db70dc8ab1a256f04fb32314

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetOEMCP
GetCPInfo
WriteConsoleA
FindFirstFileA
FileTimeToDosDateTime
FindNextFileA
GetStringTypeA
GlobalAlloc
GlobalFree
GetFileType
CreateFileA
GetTickCount
GetProcessHeap
UnhandledExceptionFilter
ExitProcess
GetModuleFileNameA
SetConsoleCtrlHandler
CreateThread
ExitThread
LCMapStringA
FreeEnvironmentStringsA
GetVersion
GetEnvironmentStrings
SetHandleCount
SetFilePointer
DeleteFileA
HeapAlloc
HeapReAlloc
HeapFree
GetCommandLineA
VerifyVersionInfoW
VerSetConditionMask
FreeLibraryAndExitThread
GetThreadContext
SuspendThread
GetModuleHandleExW
TerminateThread
OpenThread
CreateEventW
GlobalMemoryStatus
SetEvent
CreateSemaphoreA
ReleaseSemaphore
FindFirstFileW
FindNextFileW
FindClose
Sleep
GetEnvironmentVariableA
RtlCaptureContext
VirtualAlloc
ExpandEnvironmentStringsW
lstrlenW
GetModuleHandleA
TryEnterCriticalSection
LoadLibraryA
SwitchToThread
WaitForSingleObject
GetExitCodeThread
ResumeThread
VirtualFree
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FormatMessageW
WriteFile
GetConsoleOutputCP
FreeLibrary
GetConsoleScreenBufferInfo
MultiByteToWideChar
SetLastError
GetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
QueryPerformanceFrequency
QueryPerformanceCounter
RtlUnwind
CreateProcessW
GetStdHandle
GetHandleInformation
SetHandleInformation
RaiseException
IsDebuggerPresent
GetSystemInfo
ReadFile
GetFileSize
CloseHandle
CreateFileW
GetCurrentDirectoryW
LocalFree
WideCharToMultiByte
GetCommandLineW
GetFileAttributesW
GetLastError
LoadLibraryW
GetProcAddress

shell32

CommandLineToArgvW

user32

MessageBoxA

advapi32

RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegFlushKey
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

Sections

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

TPB
Size: 414KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT$XIA
Size: 114KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 28B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

5a16c1f9db70dc8ab1a256f04fb32314

Headers

File Characteristics

Imports

kernel32

shell32

user32

advapi32

Sections

.idata Size: 3KB - Virtual size: 3KB

TPB Size: 414KB - Virtual size: 414KB

.tls Size: 512B - Virtual size: 512B

.CRT$XIA Size: 114KB - Virtual size: 124KB

.reloc Size: 22KB - Virtual size: 22KB

.debug Size: 28B - Virtual size: 512B

.idata
Size: 3KB - Virtual size: 3KB

TPB
Size: 414KB - Virtual size: 414KB

.tls
Size: 512B - Virtual size: 512B

.CRT$XIA
Size: 114KB - Virtual size: 124KB

.reloc
Size: 22KB - Virtual size: 22KB

.debug
Size: 28B - Virtual size: 512B