c987fb55599273ea6a9a1c213d9bcb431f32f4b645bdcc3c079f6f35005d00fa

Sharing

Copy URL

Twitter E-mail

General

Target

c987fb55599273ea6a9a1c213d9bcb431f32f4b645bdcc3c079f6f35005d00fa
Size

9.2MB
MD5

d5c582bc6b5df6a26042b51e4a1a49b4
SHA1

df14de77934e91fe8b2d88366eb9cffa92e16f63
SHA256

c987fb55599273ea6a9a1c213d9bcb431f32f4b645bdcc3c079f6f35005d00fa
SHA512

3b8027314d0b4bfdae8313101caeaf54d53b8ecf255e9cacdb5a48c31b7e9a71831dc547dac8b0772c05bb4902df2116a7fa1283d08c4c61daac05e46e246916
SSDEEP

196608:qQkV+lOBzFnXiMDa1x36Ir7yhs2VFMbEXE6psFkVX0+2qTV2tLUkran:q/+E3SMDWx36gV2VOEXEbFkG+2yV2W2E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c987fb55599273ea6a9a1c213d9bcb431f32f4b645bdcc3c079f6f35005d00fa

Files

c987fb55599273ea6a9a1c213d9bcb431f32f4b645bdcc3c079f6f35005d00fa
.exe windows:6 windows x64 arch:x64

db6c5f3ac547225c8f78e40b0581a073

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\win10\AppData\Local\Temp\Y\B3\debug\x64\debuger\B3.pdb

Imports

kernel32

GetVersionExW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

SetTimer

gdi32

GetObjectW

advapi32

RegOpenKeyExW

shell32

ShellExecuteW

ole32

CreateStreamOnHGlobal

oleaut32

SafeArrayGetUBound

comctl32

ImageList_AddMasked

ws2_32

WSACleanup

gdiplus

GdipCreateBitmapFromFile

Exports

Exports

?get_active_implementation@simdutf@@YAAEAV?$atomic_ptr@$$CBVimplementation@simdutf@@@internal@1@XZ
?get_available_implementations@simdutf@@YAAEBVavailable_implementation_list@internal@1@XZ

Sections

.text
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 800KB - Virtual size: 800KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ly2zwt0
Size: - Virtual size: 9.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ly2zwt1
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db6c5f3ac547225c8f78e40b0581a073

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

gdiplus

Exports

Exports

Sections

.text Size: - Virtual size: 1.6MB

.rdata Size: 800KB - Virtual size: 800KB

.data Size: - Virtual size: 29KB

.pdata Size: - Virtual size: 90KB

.ly2zwt0 Size: - Virtual size: 9.3MB

.ly2zwt1 Size: 8.4MB - Virtual size: 8.4MB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: - Virtual size: 1.6MB

.rdata
Size: 800KB - Virtual size: 800KB

.data
Size: - Virtual size: 29KB

.pdata
Size: - Virtual size: 90KB

.ly2zwt0
Size: - Virtual size: 9.3MB

.ly2zwt1
Size: 8.4MB - Virtual size: 8.4MB

.rsrc
Size: 4KB - Virtual size: 4KB