k5541387[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

k5541387.exe
Size

29KB
MD5

b9bd68b43bcaa0fac39ff1e086b6fd69
SHA1

fee18b0bd5c9451ab708a5847cc56d7fd1100386
SHA256

0720d3d030690256ec53f8f94de3d6bf8f793b75bef7aee02976d49117b3268d
SHA512

342812187d61e36d40668ae9dbd5540464aec753531fa6229df1c7f62ecc4049b15a723d5974c42f33e86c628c206884c0404b0f1ffabe21ece7a9949203fbb4
SSDEEP

384:eCli1f2vdVdViTxC06n9RllSNnNgwFI7JWWarW:eCi1+vTdIc0YPeNnNgQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
k5541387.exe

Files

k5541387.exe
.exe windows x64

207f3d1f113deb58d9e4c6aca8e0fa3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

Sleep
HeapSetInformation
LocalFree
GetFileType
WideCharToMultiByte
GetLastError
FormatMessageW
SetThreadUILanguage
GetEnvironmentVariableW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalAlloc
GetConsoleMode

msvcrt

_fileno
_write
_setmode
vswprintf_s
_wcsicmp
memset
_get_osfhandle
__iob_func
fgetpos
wcschr
fwprintf
fflush
memmove
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
iswprint
_wtoi
_vsnwprintf
exit
_vscwprintf

ntdll

RtlVirtualUnwind
RtlCaptureContext
NtWaitForSingleObject
NtCreateFile
RtlUpcaseUnicodeStringToOemString
RtlIpv4StringToAddressW
RtlLookupFunctionEntry
NtDeviceIoControlFile
RtlInitUnicodeString
RtlIpv4AddressToStringW
RtlGUIDFromString
NtClose

ws2_32

ntohl

user32

OemToCharBuffW

mswsock

GetSocketErrorMessageW

iphlpapi

NhGetInterfaceNameFromDeviceGuid

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

207f3d1f113deb58d9e4c6aca8e0fa3f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ws2_32

user32

mswsock

iphlpapi

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 86KB

.pdata Size: 512B - Virtual size: 492B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 32B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 86KB

.pdata
Size: 512B - Virtual size: 492B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 32B