7qsVS6rLNe[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

7qsVS6rLNe.exe
Size

69KB
MD5

ce01a5cf8bfd40a722438b45ab3d489f
SHA1

792e3780b5c2aa06ad22e3368129cf03272660b6
SHA256

5d0d77ecfb0995e3dd951df43a729d0f5067273d886520b71dc8882ccbb5f5f5
SHA512

19d38b176e54caedd6a92a16693dc67535b92426ba61e57d6c80cf1a71af6a183853cf3b1bff5857090be4768b4a6b5cd7426549fe2e8b3a04ec3a6737a4569f
SSDEEP

1536:R55XZx9Baf7xs3wEj7QiScgBqApOquKfB:RjpnBaf1s3xwiScPCOquKfB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7qsVS6rLNe.exe

Files

7qsVS6rLNe.exe
.exe windows:5 windows x86

0d29589947d9f384fafa431c209b880a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceExA
lstrcpynA
GetWindowsDirectoryA
GetVersionExA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CompareStringW
HeapSize
CreateFileW
GetStringTypeW
LCMapStringW
CreateProcessA
CloseHandle
WaitForSingleObject
GetExitCodeProcess
LoadLibraryW
HeapReAlloc
RtlUnwind
SetStdHandle
MultiByteToWideChar
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
HeapSetInformation
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
IsProcessorFeaturePresent
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
Sleep
ExitProcess
GetFileAttributesA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteConsoleW
SetEnvironmentVariableA

ws2_32

ioctlsocket
socket
connect
closesocket
select
__WSAFDIsSet
WSACleanup
ntohs
getservbyport
gethostbyaddr
gethostbyname
WSAGetLastError
inet_addr
htons
getservbyname
htonl
inet_ntoa
WSASetLastError
WSAStartup
WSAStringToAddressA

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d29589947d9f384fafa431c209b880a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 11KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 11KB

.reloc
Size: 4KB - Virtual size: 3KB