Newlogforshell18_browsingExe[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Newlogforshell18_browsingExe.exe
Size

701KB
MD5

26cff833eed7465c4c74580031baf735
SHA1

ae62ddb1deeeda07535e10d90f9d87307b0e11ff
SHA256

ef25f37fb988e1e041e5dbbd6f30aac3918e540fc253964b054fc1ec6e45b6a2
SHA512

8b8f740a945f9728cd077a24a4054d86224ea4c034c80a3377743eaedaa42ce68c8ec690b0be2d58731e729836105858d715897e1e63b509c94157a03a712b73
SSDEEP

12288:/5KggX3QpKzfFmOMExypt/BlM/947f07hfd2wNUO28ux5b:BKHX3eKHc/O4707hfd9NUO2rxp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Newlogforshell18_browsingExe.exe

Files

Newlogforshell18_browsingExe.exe
.exe windows x64

4f2b9ad89041fedc43298c09c8e7b948

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

FileTimeToSystemTime
LoadLibraryW
GetSystemDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileType
GetModuleFileNameW
LocalAlloc
LocalFree
GetStdHandle
FileTimeToLocalFileTime
LCMapStringW
GetStringTypeW
WriteConsoleW
DeviceIoControl
OpenProcess
CreateFileW
FindResourceW
GetModuleHandleW
SizeofResource
CloseHandle
SetLastError
LoadResource
GetLastError
GetCurrentProcess
GetProcAddress
LockResource
OutputDebugStringW
ReadConsoleW
HeapSize
SetEndOfFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
HeapAlloc
GetSystemTimeAsFileTime
SetFilePointerEx
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryExW
HeapFree
TlsFree
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
RtlLookupFunctionEntry
RtlUnwindEx
SetStdHandle
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetConsoleCP
RtlPcToFileHeader
RaiseException
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
GetProcessHeap
DeleteCriticalSection
GetStartupInfoW
FlushFileBuffers
ReadFile
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue

user32

SetCursor
SetWindowTextW
GetSysColorBrush
EndDialog
DialogBoxIndirectParamW
SendMessageW
InflateRect
LoadCursorW
GetDlgItem

gdi32

StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage

comdlg32

PrintDlgW

advapi32

RegOpenKeyExW
RegOpenKeyW
ConvertSidToStringSidW
GetTokenInformation
RegSetValueExW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW

oleaut32

VariantChangeType
VariantClear
VariantInit
SystemTimeToVariantTime
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 535KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f2b9ad89041fedc43298c09c8e7b948

Headers

DLL Characteristics

File Characteristics

Imports

secur32

version

kernel32

user32

gdi32

comdlg32

advapi32

oleaut32

Sections

.text Size: 87KB - Virtual size: 86KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 535KB - Virtual size: 535KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 87KB - Virtual size: 86KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 535KB - Virtual size: 535KB

.reloc
Size: 2KB - Virtual size: 1KB