1623650a9c842eb4d7172218d746a51bd04e9d9c47eef1ee70129dd010584c00

Sharing

Copy URL

Twitter E-mail

General

Target

1623650a9c842eb4d7172218d746a51bd04e9d9c47eef1ee70129dd010584c00
Size

288KB
MD5

a13012f26216459efd22cbd93dfbb382
SHA1

36fb42c5148aacc3916106c8edb57a9621edff72
SHA256

1623650a9c842eb4d7172218d746a51bd04e9d9c47eef1ee70129dd010584c00
SHA512

d9255227c75500955aa9f633845612b828cd2d84c8797837ae3b548158e077402cc9b2f80cfca6b1090deb5781640ad765a214b07c7c18d40775ac39a5edcfbf
SSDEEP

3072:gYp/nBIvjB5B88gUPatXtwACz085VUaML+/48:gY/yF5G6AwAqb8K4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1623650a9c842eb4d7172218d746a51bd04e9d9c47eef1ee70129dd010584c00

Files

1623650a9c842eb4d7172218d746a51bd04e9d9c47eef1ee70129dd010584c00
.exe windows:5 windows x86 arch:x86

5c66f0a6e9e3a0b9049570e54febc5f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathW
SetThreadContext
DeleteTimerQueueEx
DebugActiveProcessStop
CreateProcessW
SetWaitableTimer
InterlockedDecrement
SetDefaultCommConfigW
GetEnvironmentStringsW
SetComputerNameW
GetTimeFormatA
GetProcessPriorityBoost
GetModuleHandleW
GetCurrentThread
GetVersionExW
GetConsoleAliasW
GetVolumePathNameA
GetStartupInfoW
GetStartupInfoA
SetLastError
GetProcAddress
GetLongPathNameA
GetAtomNameA
LoadLibraryA
UnhandledExceptionFilter
InterlockedExchangeAdd
LocalAlloc
MoveFileA
AddAtomA
FoldStringA
OpenFileMappingW
GetFileTime
FindAtomW
FindFirstVolumeW
GetModuleHandleA
GetCommandLineA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetStdHandle
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
CloseHandle
HeapSize
RaiseException

user32

GetProcessDefaultLayout

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cozo
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jeseco
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c66f0a6e9e3a0b9049570e54febc5f4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 140KB - Virtual size: 140KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 6KB - Virtual size: 415KB

.cozo Size: 18KB - Virtual size: 20KB

.jeseco Size: 512B - Virtual size: 346B

.rsrc Size: 113KB - Virtual size: 112KB

.text
Size: 140KB - Virtual size: 140KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 6KB - Virtual size: 415KB

.cozo
Size: 18KB - Virtual size: 20KB

.jeseco
Size: 512B - Virtual size: 346B

.rsrc
Size: 113KB - Virtual size: 112KB