tbsyz69j[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

tbsyz69j.exe
Size

298.8MB
MD5

45129296da4a2de1312c63672fbf3ebc
SHA1

7755eb004eb8e467ab81b3291dac56207e751091
SHA256

fddcffb7e41104664decce741bc1aa54b33dfe1f5dbfdb1627f24564bf38c928
SHA512

0ed225e87b4d94a71808f283035a889f1eb982e1b150f33207d3e9b31c28efc32af3074de5a36fdf84907d96d624ae3f21d4854df8d743f5c8a747c529871c69
SSDEEP

6291456:yMmflNuCaMBJV67Z4Mr2e96piS0QQKpvl2cwkRaHn/Hq2q0cpp1Zyrx6z9zjxHPX:XmflNlveIIS0SlHwHhSpp1Ze6zrHJUu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
tbsyz69j.exe

Files

tbsyz69j.exe
.exe windows:5 windows x86 arch:x86

Password: thanks

5938595bb66985e0cf2a424ed703fa0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cureit_starter.pdb

Imports

kernel32

CreateFileW
CloseHandle
DeviceIoControl
QueryPerformanceCounter
GetProcAddress
GetModuleHandleW
UnmapViewOfFile
RemoveDirectoryW
GetTickCount
GetUserDefaultLangID
CreateProcessW
LoadLibraryW
GetExitCodeProcess
WaitForSingleObject
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
GetPrivateProfileStringW
GetLastError
TerminateProcess
Sleep
GetCurrentProcess
GetFileType
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryA
DosDateTimeToFileTime
WriteFile
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectoryW
GetTempPathW
GetModuleFileNameW
FindFirstFileW
FindClose
FindNextFileW
GetFileAttributesW
CreateDirectoryW
FlushFileBuffers
SetFilePointerEx
SetFileAttributesW
DeleteFileW
MoveFileExW
GetVersionExW
GetNativeSystemInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CreateEventW
LoadLibraryExA
VirtualQuery
VirtualProtect
SetLastError
CreateFileMappingA
GetFileSize
InterlockedCompareExchange
RtlUnwind
RaiseException
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetACP
GetStringTypeW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
DecodePointer
WriteConsoleW
GetSystemInfo

ntdll

RtlDowncaseUnicodeString
NtLoadDriver
RtlAdjustPrivilege
RtlInitUnicodeString
NtQuerySystemInformation

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: thanks

5938595bb66985e0cf2a424ed703fa0b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ntdll

Sections

.text Size: 251KB - Virtual size: 250KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 17KB - Virtual size: 20KB

.rsrc Size: 291KB - Virtual size: 290KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 251KB - Virtual size: 250KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 291KB - Virtual size: 290KB

.reloc
Size: 9KB - Virtual size: 9KB