Sample
75216960408add421ac158de6f619dbb5bbb55d91346b87b569fc9e197ee6ba9.exe
Resource
win10v2004-20230220-en
General
Target
75216960408add421ac158de6f619dbb5bbb55d91346b87b569fc9e197ee6ba9.exe
Size
110KB
MD5
fb680a8c9c2dc964366494c25131e445
SHA1
13275e5bedf23f9284753662e7cee371ad3ca090
SHA256
75216960408add421ac158de6f619dbb5bbb55d91346b87b569fc9e197ee6ba9
SHA512
4e0032e08d01d5424e8dab2887612ad26c6bf17ac559bdfd5f405418abdbda0983aef18e0a74f32b287b805499e65c30d5cd8818f9fb3f5cc6b107d8fdccd3c2
SSDEEP
1536:aV4aLxvCy9nFI8EuD6O9+CIWFyKy/awv2I8zEc+n1g5sWjcdnKbltdY/S7HVH:5y3bJ+Crn48cpnKRtdY65H
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 75216960408add421ac158de6f619dbb5bbb55d91346b87b569fc9e197ee6ba9.exe
Files
75216960408add421ac158de6f619dbb5bbb55d91346b87b569fc9e197ee6ba9.exe.exe windows
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
SetFilePointerEx
HeapFree
GetProcessHeap
WriteFile
WideCharToMultiByte
ReadFile
CreateFileW
GetFileSizeEx
GetLastError
ExitProcess
GetEnvironmentVariableW
GetTempFileNameW
FindFirstFileW
SetFilePointer
FreeResource
lstrcpynA
FindResourceW
LoadResource
CreateProcessW
MoveFileExW
GetLogicalDrives
lstrcpyA
GetDriveTypeA
CopyFileW
SizeofResource
HeapDestroy
GetFileAttributesW
GetModuleFileNameW
MultiByteToWideChar
GetStdHandle
lstrcmpiA
FindClose
LocalAlloc
LockResource
lstrcmpiW
lstrcatW
FindNextFileW
CompareStringA
LocalFree
SetFileAttributesW
lstrcpyW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
lstrlenW
lstrcatA
CreateProcessA
HeapCreate
SetThreadExecutionState
HeapAlloc
FlushFileBuffers
LCMapStringW
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
DecodePointer
SetLastError
GetCurrentThreadId
GetModuleHandleExW
GetProcAddress
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
RtlUnwind
OutputDebugStringW
SetStdHandle
WriteConsoleW
GetStringTypeW
HeapReAlloc
HeapSize
user32
wsprintfA
advapi32
RegCloseKey
GetCurrentHwProfileW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
ole32
StringFromGUID2
CoCreateGuid
shlwapi
PathRemoveFileSpecW
PathFindFileNameW
StrStrA
Sections
.text Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ