UwCblnRJV63h0Kp[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

UwCblnRJV63h0Kp.exe
Size

14.9MB
MD5

ce71928db61d491ac5fe0154edd18b8f
SHA1

3e863e58a2716cec1ffcbdb1712a69fb1fefcee9
SHA256

e8b5428822fb9273c8e0958dec2b17b1118c375866fe0a95fab672a3802757b3
SHA512

3125fbbd9e47ef821584651c7d903c66c7d8af9dcf4494ecfa943aad5800e926a12c9137658ed489d0cd43b79a7a5f5eedb672ed2542f2b8f29cf2b44418fa86
SSDEEP

196608:SL66ktDc0fkBVQmBhQF9ox9Ga8kiIEcuHwvSvQehi84ogIa/73bCp8kMdqrPP0hX:J9YBB5CF9c9dREwvSvT/4oRU7HdakB0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UwCblnRJV63h0Kp.exe

Files

UwCblnRJV63h0Kp.exe
.exe windows:6 windows x64 arch:x64

8c09abbd2a436f4bfa5fbae0e14b9a98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

select

wldap32

ord60

crypt32

CryptQueryObject

advapi32

CryptEnumProvidersW

kernel32

FreeLibraryAndExitThread
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

FindWindowA

shell32

ShellExecuteA

userenv

UnloadUserProfile

rpcrt4

RpcStringFreeA

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 784KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.6,f
Size: - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.XSQ
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lq]
Size: 14.9MB - Virtual size: 14.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c09abbd2a436f4bfa5fbae0e14b9a98

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

advapi32

kernel32

user32

shell32

userenv

rpcrt4

bcrypt

Sections

.text Size: - Virtual size: 2.4MB

.rdata Size: - Virtual size: 784KB

.data Size: - Virtual size: 64KB

.pdata Size: - Virtual size: 99KB

_RDATA Size: - Virtual size: 500B

.6,f Size: - Virtual size: 8.1MB

.XSQ Size: 4KB - Virtual size: 3KB

.lq] Size: 14.9MB - Virtual size: 14.9MB

.reloc Size: 512B - Virtual size: 272B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 2.4MB

.rdata
Size: - Virtual size: 784KB

.data
Size: - Virtual size: 64KB

.pdata
Size: - Virtual size: 99KB

_RDATA
Size: - Virtual size: 500B

.6,f
Size: - Virtual size: 8.1MB

.XSQ
Size: 4KB - Virtual size: 3KB

.lq]
Size: 14.9MB - Virtual size: 14.9MB

.reloc
Size: 512B - Virtual size: 272B

.rsrc
Size: 512B - Virtual size: 480B