n6sBgO[.]z5H | Triage

Sharing

Copy URL Twitter E-mail

General

Target

n6sBgO.z5H
Size

1.5MB
MD5

8c694ceed0638b9441a735d7acbf3ca6
SHA1

5307cfe84f67ea904577c9c609ec18c6acf6ac5d
SHA256

34aedcaa4d037b17cb31e3d38482ccc1630e846487be0557a9bcceaeabb707b8
SHA512

144d2a409748cbc6ec4348684db4eafffa7d940cdd0b9f4ed2f4903e2d0e8cd3c4cf0c26e1fe8fc76b9fa765c01bf5c3df2f4860197fcb6f383b18b12388eef0
SSDEEP

24576:SE1NibM+GvRUU3f9sV5xF3MHoSOj4QA8A3sEKWSVHje19dYna6fVbuRP:SE1NibMFf9sH8IS+88A8ERSVDe19dYa1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
n6sBgO.z5H

Files

n6sBgO.z5H
.dll windows x86

8ccfba2d9482e98685031f04e6c60218

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

clusapi

ClusterResourceControl

kernel32

GetBinaryTypeA
IsDBCSLeadByte
HeapAlloc
UnregisterWait
GetSystemTimeAsFileTime
PurgeComm
GetUserDefaultLCID
ExpandEnvironmentStringsA
GetModuleHandleA
GetModuleFileNameA
HeapUnlock

ole32

DoDragDrop
CoUnmarshalHresult
HBITMAP_UserFree
OleConvertIStorageToOLESTREAM

advapi32

OpenThreadToken
CryptImportKey
SetSecurityDescriptorOwner
QueryServiceStatus
CryptHashSessionKey
GetOldestEventLogRecord
GetPrivateObjectSecurity

opengl32

glMap2f

shlwapi

StrCatChainW

rpcrt4

RpcRaiseException
I_RpcNsInterfaceUnexported
I_RpcGetExtendedError

gdi32

GetBitmapDimensionEx
GetBkMode
AddFontResourceExA
SelectClipRgn
GetCurrentObject

comdlg32

ReplaceTextA

oleaut32

LHashValOfNameSysA

user32

GetRawInputData
IntersectRect
GetTabbedTextExtentA
MapDialogRect
SetRect

msvcrt

isupper

wintrust

CryptCATClose
CryptCATAdminCalcHashFromFileHandle

crypt32

CryptMsgVerifyCountersignatureEncodedEx

shell32

SHGetUnreadMailCountW
FindExecutableA
SHAddToRecentDocs

Exports

Exports

TponfKheem

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

U
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DR6lla
Size: 768KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cfK7iNMI
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ccfba2d9482e98685031f04e6c60218

Headers

File Characteristics

Imports

clusapi

kernel32

ole32

advapi32

opengl32

shlwapi

rpcrt4

gdi32

comdlg32

oleaut32

user32

msvcrt

wintrust

crypt32

shell32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 96KB - Virtual size: 96KB

CODE Size: 24KB - Virtual size: 23KB

U Size: 32KB - Virtual size: 28KB

.crt0 Size: 56KB - Virtual size: 52KB

DR6lla Size: 768KB - Virtual size: 765KB

.CRT Size: 200KB - Virtual size: 196KB

cfK7iNMI Size: 208KB - Virtual size: 205KB

.rsrc Size: 4KB - Virtual size: 840B

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 96KB - Virtual size: 96KB

CODE
Size: 24KB - Virtual size: 23KB

U
Size: 32KB - Virtual size: 28KB

.crt0
Size: 56KB - Virtual size: 52KB

DR6lla
Size: 768KB - Virtual size: 765KB

.CRT
Size: 200KB - Virtual size: 196KB

cfK7iNMI
Size: 208KB - Virtual size: 205KB

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 36KB - Virtual size: 35KB