2e4a2d6c627c752ab8abf20dba2d47b0_console[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2e4a2d6c627c752ab8abf20dba2d47b0_console.exe
Size

986KB
MD5

2e4a2d6c627c752ab8abf20dba2d47b0
SHA1

3e548241a35f05536df08be4878797a0d7b055e4
SHA256

7dede5912ab59b4c01d94b8a01ee7d375d0231354b31117ee71ae46abd7cb20b
SHA512

229444ef8a47862cc19da95801607cb1bd863909f240e716393dd199b01ad652d209f6a036437556173ce8d9c7a6f71a9157bea56d7b6d5b4ebf1dbec3679174
SSDEEP

12288:pleYjD29ET8vau2OVpmhxV9VV/K1GDD+vo0YET:veYjD2le59xKo0YET

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e4a2d6c627c752ab8abf20dba2d47b0_console.exe

Files

2e4a2d6c627c752ab8abf20dba2d47b0_console.exe
.exe windows:4 windows x64

e0aeb2b36c89ab7ffd6f666450f8996c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptExportKey
CryptGenKey
CryptGetKeyParam
CryptHashData
CryptImportKey
CryptReleaseContext
CryptSignHashA
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegOpenKeyA
RegOpenKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA

crypt32

CertAddCRLContextToStore
CertAddCertificateContextToStore
CertAddCertificateLinkToStore
CertAddEncodedCRLToStore
CertAddEncodedCTLToStore
CertAddEncodedCertificateToStore
CertAddEnhancedKeyUsageIdentifier
CertAddSerializedElementToStore
CertAlgIdToOID
CertCloseStore
CertCompareCertificate
CertCompareCertificateName
CertCompareIntegerBlob
CertComparePublicKeyInfo
CertCreateCRLContext
CertCreateCTLContext
CertCreateCertificateContext
CertDeleteCertificateFromStore
CertDuplicateCRLContext
CertDuplicateCTLContext
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCRLContextProperties
CertEnumCTLContextProperties
CertEnumCTLsInStore
CertEnumCertificateContextProperties
CertEnumCertificatesInStore
CertFindAttribute
CertFindCertificateInStore
CertFindExtension
CertFindRDNAttr
CertFreeCRLContext
CertFreeCTLContext
CertFreeCertificateContext
CertGetCRLContextProperty
CertGetCRLFromStore
CertGetCTLContextProperty
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetIssuerCertificateFromStore
CertGetPublicKeyLength
CertGetSubjectCertificateFromStore
CertIsRDNAttrsInCertificateName
CertNameToStrA
CertOIDToAlgId
CertOpenStore
CertOpenSystemStoreA
CertOpenSystemStoreW
CertRemoveEnhancedKeyUsageIdentifier
CertSaveStore
CertSerializeCertificateStoreElement
CertSetCRLContextProperty
CertSetCertificateContextProperty
CertSetEnhancedKeyUsage
CertVerifyCRLRevocation
CertVerifyRevocation
CertVerifySubjectCertificateContext
CertVerifyTimeValidity
CryptEncryptMessage
CryptExportPublicKeyInfoEx
CryptFindOIDInfo
CryptFreeOIDFunctionAddress
CryptGetDefaultOIDDllList
CryptGetDefaultOIDFunctionAddress
CryptGetMessageSignerCount
CryptGetOIDFunctionAddress
CryptHashCertificate
CryptHashMessage
CryptHashPublicKeyInfo
CryptHashToBeSigned
CryptImportPublicKeyInfo
CryptImportPublicKeyInfoEx
CryptInitOIDFunctionSet
CryptInstallOIDFunctionAddress
CryptMemAlloc
CryptMemFree
CryptMemRealloc
CryptMsgClose
CryptMsgControl
CryptMsgGetAndVerifySigner
CryptMsgGetParam
CryptMsgOpenToDecode
CryptMsgOpenToEncode
CryptMsgUpdate
CryptRegisterDefaultOIDFunction
CryptRegisterOIDFunction
CryptSIPAddProvider
CryptSIPLoad
CryptSIPRemoveProvider
CryptSIPRetrieveSubjectGuid
CryptSignAndEncodeCertificate
CryptSignCertificate
CryptSignMessage
CryptUnregisterDefaultOIDFunction
CryptUnregisterOIDFunction
CryptVerifyCertificateSignature
CryptVerifyDetachedMessageHash
CryptVerifyDetachedMessageSignature
CryptVerifyMessageHash
CryptVerifyMessageSignature

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
ExitProcess
FileTimeToSystemTime
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetExitCodeProcess
GetFileSize
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetTickCount
HeapAlloc
HeapFree
LoadLibraryA
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObject
WriteFile
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcmpiW

msvcrt

_strdup
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_lock
_onexit
_unlock
abort
atoi
exit
fflush
fprintf
free
fwrite
malloc
memcmp
memcpy
rand
setvbuf
signal
sprintf
strcat
strcmp
strcpy
strlen
strncmp
strrchr
vfprintf

Sections

.text
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_DISCARDABLE

/19
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_MEM_DISCARDABLE

/35
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_MEM_DISCARDABLE

/47
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_MEM_DISCARDABLE

/61
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_MEM_DISCARDABLE

/73
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_MEM_DISCARDABLE

/84
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_MEM_DISCARDABLE

/95
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

e0aeb2b36c89ab7ffd6f666450f8996c

Headers

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

Sections

.text Size: 334KB - Virtual size: 333KB

.data Size: 29KB - Virtual size: 28KB

.rdata Size: 149KB - Virtual size: 148KB

.bss Size: - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 8B

/4 Size: 1KB - Virtual size: 1KB

/19 Size: 3KB - Virtual size: 2KB

/35 Size: 169KB - Virtual size: 169KB

/47 Size: 14KB - Virtual size: 13KB

/61 Size: 42KB - Virtual size: 42KB

/73 Size: 3KB - Virtual size: 2KB

/84 Size: 109KB - Virtual size: 109KB

/95 Size: 13KB - Virtual size: 13KB

.text
Size: 334KB - Virtual size: 333KB

.data
Size: 29KB - Virtual size: 28KB

.rdata
Size: 149KB - Virtual size: 148KB

.bss
Size: - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 8B

/4
Size: 1KB - Virtual size: 1KB

/19
Size: 3KB - Virtual size: 2KB

/35
Size: 169KB - Virtual size: 169KB

/47
Size: 14KB - Virtual size: 13KB

/61
Size: 42KB - Virtual size: 42KB

/73
Size: 3KB - Virtual size: 2KB

/84
Size: 109KB - Virtual size: 109KB

/95
Size: 13KB - Virtual size: 13KB