5b42bd77d0eca5a5a1a538912155f2d4bb1dd2c75f554e6f00cc97b5c40fc8f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5b42bd77d0eca5a5a1a538912155f2d4bb1dd2c75f554e6f00cc97b5c40fc8f0.exe
Size

2.3MB
MD5

a8f528e4c1e5612e1f7479e7f9d41ddd
SHA1

cb79145f907895663b99700b1a82286f4deab611
SHA256

5b42bd77d0eca5a5a1a538912155f2d4bb1dd2c75f554e6f00cc97b5c40fc8f0
SHA512

77d55cc2cf15068d205a0dc0b045514f98b0ba773f798ff7c0956272370be15e16b05b7ece6128cfeb47e861c881022f7e1849063c54b2411df90ba45492d625
SSDEEP

49152:0ok178qhJxEKVnqjYmgn359sqRH9F6ZtL2jRpYh:ixfaogyf6g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b42bd77d0eca5a5a1a538912155f2d4bb1dd2c75f554e6f00cc97b5c40fc8f0.exe

Files

5b42bd77d0eca5a5a1a538912155f2d4bb1dd2c75f554e6f00cc97b5c40fc8f0.exe
.exe windows x64

f0e40a0c664d4bd7ec32db0031a0a05e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

getaddrinfo
freeaddrinfo
htonl
accept
select
__WSAFDIsSet
WSACleanup
recvfrom
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
sendto
ioctlsocket
gethostname
WSAStartup
listen
send

wldap32

ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord35
ord301
ord200
ord30
ord79

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

kernel32

WriteFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
LoadLibraryExW
TlsFree
GetCommandLineA
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
GetCommandLineW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
TlsSetValue
FlushFileBuffers
IsDebuggerPresent
HeapReAlloc
TerminateProcess
CreateDirectoryW
SizeofResource
WriteProcessMemory
GetCurrentProcess
GetModuleFileNameW
OpenProcess
CreateToolhelp32Snapshot
FormatMessageW
GetLastError
Process32NextW
DeleteFileW
Process32FirstW
CloseHandle
GetNativeSystemInfo
LoadResource
FindResourceW
GetProcAddress
VirtualAllocEx
LocalFree
ExitProcess
CreateProcessW
GetModuleHandleW
CreateRemoteThread
FormatMessageA
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
SetUnhandledExceptionFilter
SetStdHandle
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
RtlUnwind
HeapSize
WriteConsoleW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
GetCurrentThreadId
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext

advapi32

CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation

oleaut32

SysAllocString
SysFreeString
VariantClear

Sections

.text
Size: 607KB - Virtual size: 606KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0e40a0c664d4bd7ec32db0031a0a05e

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

normaliz

kernel32

advapi32

oleaut32

Sections

.text Size: 607KB - Virtual size: 606KB

.rdata Size: 165KB - Virtual size: 165KB

.data Size: 5KB - Virtual size: 12KB

.pdata Size: 27KB - Virtual size: 27KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 607KB - Virtual size: 606KB

.rdata
Size: 165KB - Virtual size: 165KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 27KB - Virtual size: 27KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 4KB - Virtual size: 3KB