emtBeLXGm7F6[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

emtBeLXGm7F6.exe
Size

15.7MB
MD5

adc42766e0887b008e0c8a6dbf040130
SHA1

cc03e1bfd8925ce8d47d508e0f2cc554434a0cbc
SHA256

cdc1893e4ed6b0a91594a3db7a3f03695f23b062cc89b9ef0f2be91fd49f625e
SHA512

8fe20dd4476082a229ce91d2f0fab2d0af97cb2dabda597e605bfa42dfe4b27dfedf1d928898f86da2a6e43d034bbefb1b06e8577da5683632be61efa7af6621
SSDEEP

393216:9ZKRwtar+2sALvyxSJsMRMEeUhd1KnwitxCV:XP8J7RMqhqwitQV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
emtBeLXGm7F6.exe

Files

emtBeLXGm7F6.exe
.exe windows:6 windows x64 arch:x64

e048a0077c68841c14dff6ecb5007484

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetPriorityClass

user32

CreateWindowExW

shell32

SHChangeNotify

ole32

CoCreateInstance

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

ws2_32

send

crypt32

CertCloseStore

imm32

ImmReleaseContext

gdi32

GetDeviceCaps

advapi32

ReportEventW

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 857KB - Virtual size: 857KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.g49
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.$iv
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

./_a
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e048a0077c68841c14dff6ecb5007484

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

d3d9

d3dx9_43

ws2_32

crypt32

imm32

gdi32

advapi32

bcrypt

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 857KB - Virtual size: 857KB

.data Size: 1.9MB - Virtual size: 2.0MB

.pdata Size: 118KB - Virtual size: 117KB

_RDATA Size: 9KB - Virtual size: 8KB

.g49 Size: 4.8MB - Virtual size: 4.8MB

.$iv Size: 512B - Virtual size: 240B

./_a Size: 5.3MB - Virtual size: 5.3MB

.rsrc Size: 103KB - Virtual size: 102KB

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 857KB - Virtual size: 857KB

.data
Size: 1.9MB - Virtual size: 2.0MB

.pdata
Size: 118KB - Virtual size: 117KB

_RDATA
Size: 9KB - Virtual size: 8KB

.g49
Size: 4.8MB - Virtual size: 4.8MB

.$iv
Size: 512B - Virtual size: 240B

./_a
Size: 5.3MB - Virtual size: 5.3MB

.rsrc
Size: 103KB - Virtual size: 102KB

.reloc
Size: 30KB - Virtual size: 29KB