11f6a0abb4c7f875a3439bae8bb39e18[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

11f6a0abb4c7f875a3439bae8bb39e18.exe
Size

367KB
MD5

11f6a0abb4c7f875a3439bae8bb39e18
SHA1

6537bb2ffd744e2df4dd039f1eede158a07bb0a6
SHA256

bf966d13284110cce7566e9f85da40a376fc599abc0047f9ef3b34639b89513b
SHA512

5e84043796335211ffb59b74f5c58513d4e74208c0ae993ec468894ffa6447244a401e0d2030879ebe58c801a41c1c197cc36389054f9ce0b756048c2e05c03f
SSDEEP

6144:oXyTPC32u9ZDcFB4FJ88unK8KftjqM6raQ:kyTPCr9aT4FJYnkf5maQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
11f6a0abb4c7f875a3439bae8bb39e18.exe

Files

11f6a0abb4c7f875a3439bae8bb39e18.exe
.exe windows:5 windows x86 arch:x86

66524c7904499d9e38ce9716de34e804

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
HeapFree
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
EnterCriticalSection
HeapAlloc
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
LeaveCriticalSection
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
InterlockedDecrement
GetLastError
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
WriteFile
DecodePointer
ExitProcess
GetModuleHandleW
GetProcAddress
SetUnhandledExceptionFilter
HeapSetInformation
GetCommandLineA
IsProcessorFeaturePresent

pdh

PdhUpdateLogW
PdhOpenQueryA
PdhOpenLogA
PdhGetDllVersion
PdhLookupPerfNameByIndexA
PdhSelectDataSourceW
PdhParseInstanceNameW
PdhValidatePathA
PdhGetCounterInfoW
PdhSelectDataSourceA
PdhGetDefaultPerfObjectW
PdhEnumObjectsA
PdhGetRawCounterValue
PdhUpdateLogA
PdhEnumObjectsW
PdhParseInstanceNameA

avifil32

EditStreamSetInfoW
AVIFileInit
AVIStreamGetFrame
AVISaveW
AVIStreamInfoA
AVIBuildFilter
EditStreamSetName
AVIFileRelease
AVIStreamInfo
AVIFileGetStream
AVISaveV
AVIMakeStreamFromClipboard

msvfw32

ICCompressorFree
DrawDibGetBuffer
ICDrawBegin
ICDecompress
ICSendMessage
DrawDibChangePalette

avicap32

capCreateCaptureWindowA
videoThunk32
capGetDriverDescriptionA

mapi32

ord171
ord146
ord36
ord155
ord131
ord20
ord61
ord122
ord181
ord179
ord158
ord65
ord195
ord123
ord165
ord130
ord66
ord23
ord164
ord173

mscms

SetStandardColorSpaceProfileW
CheckBitmapBits
TranslateBitmapBits
UninstallColorProfileA
UnregisterCMMA
GetCMMInfo
DeleteColorTransform
UninstallColorProfileW
IsColorProfileValid
CreateColorTransformW
SetColorProfileElement
CreateProfileFromLogColorSpaceA
InstallColorProfileA
SelectCMM
CreateProfileFromLogColorSpaceW
DisassociateColorProfileFromDeviceW
GetPS2ColorSpaceArray
GetColorDirectoryW
GetStandardColorSpaceProfileA

rasapi32

RasGetAutodialAddressA
RasSetAutodialParamW
RasSetOldPassword
RasGetAutodialParamW
RasConnectionNotificationW
RasAutodialAddressToNetwork
RasRenameEntryA
RasGetEntryDialParamsA
RasGetErrorStringA
RasGetConnectStatusW
RasGetSubEntryPropertiesA
RasGetConnectStatusA
RasDialA
RasHangUpW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66524c7904499d9e38ce9716de34e804

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

pdh

avifil32

msvfw32

avicap32

mapi32

mscms

rasapi32

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 29KB - Virtual size: 32KB

.rsrc Size: 297KB - Virtual size: 296KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 29KB - Virtual size: 32KB

.rsrc
Size: 297KB - Virtual size: 296KB

.reloc
Size: 4KB - Virtual size: 3KB