Malicious_f66a30f2040a84311c48a2784dcea2ac02b17ae6f4ac7c847cf8c06d2f36a957[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Malicious_f66a30f2040a84311c48a2784dcea2ac02b17ae6f4ac7c847cf8c06d2f36a957.exe
Size

109KB
MD5

d362c311772d500c5bbb0d74d69a1d96
SHA1

707bace8976da663faef606fb919982d745a1fc1
SHA256

f66a30f2040a84311c48a2784dcea2ac02b17ae6f4ac7c847cf8c06d2f36a957
SHA512

3db0158c28323652cfda0aa61fb62aabebbac57ab9439f661289bcd75a012c0273d0e85d5ff410b6e2eef90c8b01a69373defefc48b30c280ff1fa9bfc44f1bb
SSDEEP

1536:7dNOeK6ymFB71+kcakSCkQtAHUmJHUJhO1JyT0QdYO+oZvqvWfKqugA0GQOpQREs:zv4OsakSJQtAHbHUJhoydhqOe7puEs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Malicious_f66a30f2040a84311c48a2784dcea2ac02b17ae6f4ac7c847cf8c06d2f36a957.exe

Files

Malicious_f66a30f2040a84311c48a2784dcea2ac02b17ae6f4ac7c847cf8c06d2f36a957.exe
.exe windows x64

9264c5225a55a573d0b129a22c6b1700

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

cygmandb-2-7-6-1

compare_ids
database
dbdelete
dblookup_all
dblookup_pattern
dbprintf
dbver_rd
free_mandata_struct
man_gdbm_close
man_gdbm_open_wrapper

cygwin1

__assert_func
__cxa_atexit
__errno
__getreent
__locale_ctype_ptr
__main
_dll_crt0
_impure_ptr
abort
access
atoi
bsearch
calloc
canonicalize_file_name
chdir
chmod
close
closedir
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
dup
error
exit
fclose
fcntl
fflush
fopen
fprintf
fputs
free
fwrite
getc
getenv
getline
isatty
localtime
lstat
malloc
memcpy
mkstemp
open
opendir
posix_memalign
printf
putchar
puts
qsort
readdir
realloc
rename
setenv
sscanf
stat
stpcpy
strcasecmp
strcasestr
strchr
strcmp
strcpy
strcspn
strlen
strncasecmp
strncat
strncmp
strncpy
strrchr
strsep
strstr
strtok
tcgetattr
tcsetattr
time
umask
unlink

cygiconv-2

libiconv
libiconv_close
libiconv_open

cygintl-8

_nl_msg_cat_cntr
libintl_gettext
libintl_setlocale

cygpipeline-1

pipecmd_arg
pipecmd_argf
pipecmd_args
pipecmd_argstr
pipecmd_argv
pipecmd_chdir
pipecmd_discard_err
pipecmd_fchdir
pipecmd_free
pipecmd_new
pipecmd_new_args
pipecmd_new_argstr
pipecmd_new_function
pipecmd_new_passthrough
pipecmd_new_sequence
pipecmd_nice
pipecmd_sequence_command
pipecmd_setenv
pipeline_command
pipeline_command_args
pipeline_command_argstr
pipeline_connect
pipeline_dump
pipeline_free
pipeline_get_command
pipeline_get_ncommands
pipeline_ignore_signals
pipeline_install_post_fork
pipeline_new
pipeline_new_command_args
pipeline_new_commands
pipeline_peek
pipeline_peek_skip
pipeline_peekline
pipeline_pump
pipeline_read
pipeline_readline
pipeline_run
pipeline_set_command
pipeline_start
pipeline_tostring
pipeline_wait
pipeline_want_out

kernel32

GetModuleHandleA
GetModuleHandleW
GetProcAddress

cygman-2-7-6-1

appendstr
argp_error
argp_parse
argp_state_help
base_name
check_preprocessor_encoding
comp_list
create_tempdir
debug
debug_error
debug_level
decompress_fdopen
decompress_open
dir_name
directory_on_path
do_system_drop_privs
drop_effective_privs
escape_shell
find_charset_locale
free_cwd
get_canonical_charset_name
get_default_device
get_groff_preconv
get_jless_charset
get_less_charset
get_line_length
get_locale_charset
get_output_encoding
get_page_encoding
get_roff_encoding
get_source_encoding
gnu_fnmatch
hashtable_create
hashtable_free
hashtable_install
hashtable_lookup
hashtable_remove
init_debug
init_locale
is_changed
is_directory
is_roff_device
lang_dir
order_files
pop_all_cleanups
pop_cleanup
push_cleanup
regain_effective_privs
remove_directory
restore_cwd
rpl_glob
rpl_globfree
rpl_regexec
rpl_regfree
save_cwd
utimens
xalloc_die
xasprintf
xgetcwd
xmalloc
xrealloc
xregcomp
xstrdup
xstrndup
xzalloc

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9264c5225a55a573d0b129a22c6b1700

Headers

DLL Characteristics

File Characteristics

Imports

cygmandb-2-7-6-1

cygwin1

cygiconv-2

cygintl-8

cygpipeline-1

kernel32

cygman-2-7-6-1

Sections

.text Size: 57KB - Virtual size: 56KB

.data Size: 3KB - Virtual size: 2KB

.rdata Size: 15KB - Virtual size: 14KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 2KB - Virtual size: 1KB

.xdata Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

/4 Size: 512B - Virtual size: 16B

.text
Size: 57KB - Virtual size: 56KB

.data
Size: 3KB - Virtual size: 2KB

.rdata
Size: 15KB - Virtual size: 14KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

/4
Size: 512B - Virtual size: 16B