6e3c57221f0f5cc8a466eb211d9c4cae84353fa8d2a175a59820ae2f319b039e

Sharing

Copy URL

Twitter E-mail

General

Target

6e3c57221f0f5cc8a466eb211d9c4cae84353fa8d2a175a59820ae2f319b039e
Size

132KB
MD5

30249dc05a93cba261c26d65f26fbcbe
SHA1

aa0b568840aac117e20c4b2f768e83184e0a896f
SHA256

6e3c57221f0f5cc8a466eb211d9c4cae84353fa8d2a175a59820ae2f319b039e
SHA512

db928b675a2bea08a2f0363f31787621e151560f3042e244fffd84b3f16a109713ec3aafefedb997a7f8c100342ecbc5536dbe07398ae66156d0b4030f8066fc
SSDEEP

3072:VrI1HHh+T0iwvfC8on4umJIvRWHsBB9mDj56u7h:VrQB+T0dvaT4pIvkH7N6u1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/tmp.exe

resource
unpack001/tmp.exe

Files

6e3c57221f0f5cc8a466eb211d9c4cae84353fa8d2a175a59820ae2f319b039e
.zip
shellcode.bin
tmp.exe
.exe windows:6 windows x64 arch:x64

9ad73d11a3062aa6ed33b7af1faf8889

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadFile
VirtualAlloc
CreateFileW
CloseHandle
GetFileSize
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW

vcruntime140

__current_exception_context
memset
__current_exception
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
terminate
_cexit
_register_onexit_function
_exit
_c_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initialize_onexit_table
_set_app_type
_seh_filter_exe
exit
__p___argv
__p___argc
_register_thread_local_exe_atexit_callback

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ad73d11a3062aa6ed33b7af1faf8889

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 384B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 44B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 384B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 44B