b6cd9094503f184c05afb851644c079dc177001fa2b2286cdb5861338cdb655a[.]exe

General

Target

b6cd9094503f184c05afb851644c079dc177001fa2b2286cdb5861338cdb655a.exe
Size

17KB
MD5

76a3ee4f0447ad47767d2b6f808b7fc6
SHA1

af40ff8d076fa667d4a2bac519b895d3ca02ac01
SHA256

b6cd9094503f184c05afb851644c079dc177001fa2b2286cdb5861338cdb655a
SHA512

bc332c13052005e8d04272c68630f0dd8f04ac0eb2b52d375bf1ae35f1f9f7bcdb2875eacdcaa12abf1f9832c42ddb5cacff40b4bbd10de5c1600e7b50dda03b
SSDEEP

384:aiCtBFHIZAI+Bev1OY3gJaJiDXxrSH28JRKojN:SHIebgitS/JRHN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6cd9094503f184c05afb851644c079dc177001fa2b2286cdb5861338cdb655a.exe

Files

b6cd9094503f184c05afb851644c079dc177001fa2b2286cdb5861338cdb655a.exe
.exe windows:6 windows x64 arch:x64

216b600a2e18579f66b0c1200525f959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bcrypt

BCryptGenRandom
BCryptEncrypt
BCryptImportKeyPair
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptDestroyKey

rstrtmgr

RmEndSession
RmStartSession
RmGetList
RmRegisterResources

kernel32

CreateMutexW
GlobalMemoryStatusEx
SystemTimeToFileTime
ExitProcess
GetDriveTypeW
GetProcessTimes
GetSystemTime
GetModuleHandleW
SetFilePointerEx
CloseHandle
FileTimeToSystemTime
ReadFile
GetLogicalDrives
FindFirstFileW
GetFileSizeEx
GetCommandLineW
GetFullPathNameW
FindNextFileW
WriteFile
VirtualAlloc
TerminateProcess
GetModuleFileNameW
WaitForMultipleObjects
GetEnvironmentVariableW
GetLastError
FindClose
CreateFileW
GetFileAttributesW
OpenProcess
SetFileAttributesW
CreateProcessW

user32

CharUpperW
CharUpperBuffW

shell32

CommandLineToArgvW
ShellExecuteW

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

216b600a2e18579f66b0c1200525f959

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

rstrtmgr

kernel32

user32

shell32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 13KB

.pdata Size: 512B - Virtual size: 420B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 13KB

.pdata
Size: 512B - Virtual size: 420B