6bef0e292558bea1ab8846299c6af9bde762e43573a54ac8fb91811c3c4f8a33[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

6bef0e292558bea1ab8846299c6af9bde762e43573a54ac8fb91811c3c4f8a33.exe
Size

1.3MB
MD5

d856b1a367b6ae1ae9dc7d8644169fbf
SHA1

a305926ab738d134b630a867fabcaf27811aa95f
SHA256

6bef0e292558bea1ab8846299c6af9bde762e43573a54ac8fb91811c3c4f8a33
SHA512

19ac2d413b823a60f60982ef225f278822383f5411d04fbf823c5f68dc55df5fc9ea7090c846a07b76c6a1e836f5ad68413b4fbe6534ad0b4652bb674617bed6
SSDEEP

24576:sB86xEAn7XfnRu2kZAhJXfeWCTLpXph+eDBkTll:sB80n7X1wwuL1u

Score

10^/10

Malware Config

Signatures

Detects executables Discord URL observed in first stage droppers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6bef0e292558bea1ab8846299c6af9bde762e43573a54ac8fb91811c3c4f8a33.exe

Files

6bef0e292558bea1ab8846299c6af9bde762e43573a54ac8fb91811c3c4f8a33.exe
.exe windows:6 windows x64 arch:x64

1ebc56366951f0b8d889ba1f414e11a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\AE-Fivem\AE-Fivem\x64\Build\OBS-Studio-30.0-Full-Installer-x64.pdb

Imports

kernel32

Process32FirstW
CloseHandle
Beep
GetConsoleWindow
GetCurrentConsoleFont
WriteProcessMemory
SetLastError
OpenProcess
GetLastError
Module32FirstW
Module32NextW
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
Process32NextW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
Sleep
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetModuleHandleW
CreateToolhelp32Snapshot
GetStdHandle
SetConsoleScreenBufferSize
SetConsoleTitleA
GetConsoleScreenBufferInfo
ReadProcessMemory
SetUnhandledExceptionFilter
GetTickCount64

user32

GetDesktopWindow
SetWindowLongW
LoadIconW
TranslateMessage
SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
MoveWindow
PeekMessageW
DispatchMessageW
DestroyWindow
GetWindow
GetWindowLongW
GetAsyncKeyState
mouse_event
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetSystemMetrics
GetClipboardData
FindWindowA
SetClipboardData
GetClientRect
GetWindowThreadProcessId
EnumWindows
ShowWindow
SetWindowLongA
GetWindowRect
SetWindowPos
RegisterClassExA

msvcp140

??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??Bid@locale@std@@QEAA_KXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exceptions@std@@YAHXZ

d3d9

Direct3DCreate9Ex

d3dx9_43

D3DXVec3Transform
D3DXMatrixTranspose

dwmapi

DwmExtendFrameIntoClientArea

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
memcmp
__C_specific_handler
memchr
__std_exception_copy
memmove
strstr
__current_exception
__std_terminate
__current_exception_context
_CxxThrowException
memset
memcpy

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-convert-l1-1-0

atof
strtoul

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_beginthreadex
_crt_atexit
exit
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_invalid_parameter_noinfo_noreturn
_cexit
system
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
terminate
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
fflush
fclose
__stdio_common_vsscanf
_wfopen
fwrite
__stdio_common_vfprintf
fseek
__acrt_iob_func
ftell
__stdio_common_vsprintf
fread

api-ms-win-crt-math-l1-1-0

__setusermatherr
sinf
powf
pow
acosf
fmodf
cosf
ceilf
atan2f
sqrtf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-string-l1-1-0

strncmp
strcmp
strncpy
_wcsicmp

Sections

.text
Size: 341KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 935KB - Virtual size: 937KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ebc56366951f0b8d889ba1f414e11a8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp140

d3d9

d3dx9_43

dwmapi

wininet

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 341KB - Virtual size: 340KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 935KB - Virtual size: 937KB

.pdata Size: 13KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 656B

.text
Size: 341KB - Virtual size: 340KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 935KB - Virtual size: 937KB

.pdata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 656B