653eff5e9cd0da495b965c815565fa04eb509a221388c5fb73a297ea9c07f2d2[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

653eff5e9cd0da495b965c815565fa04eb509a221388c5fb73a297ea9c07f2d2.exe
Size

90KB
MD5

331d05adfcec9ac63b22f95c53b88000
SHA1

50a9c54ca0fc9b854ae3d5a59d1596bc671bc4ba
SHA256

653eff5e9cd0da495b965c815565fa04eb509a221388c5fb73a297ea9c07f2d2
SHA512

90896ce42eb5b361dec210bd89fe622ba8aaed109a6998ab6fedbb5c22d74e6baaaa98cafdcb99fecede7fc420266ce3ebfb08f140a9d1c676b0070c51cd209d
SSDEEP

1536:1i7Tj7N01wgPBxLcsywUBvs8P/1UBPGxU5cvTa:1i/fNaFDmwUBvTP/1UBPGxU5cG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
653eff5e9cd0da495b965c815565fa04eb509a221388c5fb73a297ea9c07f2d2.exe

Files

653eff5e9cd0da495b965c815565fa04eb509a221388c5fb73a297ea9c07f2d2.exe
.dll regsvr32 windows:5 windows x64 arch:x64

5a1f45e0c21df66513f9734d77a31eca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteFile
HeapReAlloc
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetCurrentThreadId
FlsSetValue
GetCommandLineA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetModuleHandleW
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

rpcrt4

NdrClientCall2
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrStubForwardingFunction
NdrStubCall2
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_Disconnect

oleaut32

BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a1f45e0c21df66513f9734d77a31eca

Headers

File Characteristics

Imports

kernel32

rpcrt4

oleaut32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.orpc Size: 512B - Virtual size: 283B

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 10KB - Virtual size: 14KB

.pdata Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 39KB

.orpc
Size: 512B - Virtual size: 283B

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 10KB - Virtual size: 14KB

.pdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB