18d98bc4f734829eeb9af0c6c43691e0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

18d98bc4f734829eeb9af0c6c43691e0N.exe
Size

101KB
MD5

18d98bc4f734829eeb9af0c6c43691e0
SHA1

c2422ec3e1bffe994c6e6d23bb23e69da1864c91
SHA256

46b4a8a48c516a4042a9717df9806015ea09aec08fa6fa382c9cfe158c520191
SHA512

c52baa3d39124b4c89c083b97684e1174e8618e60ddce94ff35e4e3e9fe72f62e1ac95bdaeb79cd9c273fbc180e89e72a2e8a54c8ec19ad664bae3e13cfd2449
SSDEEP

1536:6d/Ts8YlA8dtEcgLNQdg2gFmGV/E90Ge/mYDsfocYbCSKGSap6rC/w/6C24f92y:6d/TARiLOdgL5nmuC2yG8vfX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18d98bc4f734829eeb9af0c6c43691e0N.exe

Files

18d98bc4f734829eeb9af0c6c43691e0N.exe
.exe windows:6 windows x64 arch:x64

ff1a66cf307d87c92a7e7517f8a7e19f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CreateFileA
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLocaleInfoEx
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LCIDToLocaleName
LCMapStringEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSRWLockExclusive
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WakeAllConditionVariable
WideCharToMultiByte
WriteFile
WriteProcessMemory

user32

LoadStringW

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenW
InternetReadFile

msvcrt

?_set_new_mode@@YAHH@Z
?terminate@@YAXXZ
_CxxThrowException
_XcptFilter
__C_specific_handler
__CxxFrameHandler3
__DestructExceptionObject
___lc_codepage_func
___lc_handle_func
__argc
__argv
__getmainargs
__pctype_func
__set_app_type
__strncnt
__uncaught_exception
_amsg_exit
_callnewh
_commode
_environ
_errno
_fileno
_fseeki64
_fsopen
_initterm
_initterm_e
_iob
_isatty
_local_unwind
_lock
_msize
_set_fmode
_time64
_unlock
_wcsdup
abort
calloc
fclose
fflush
fgetc
fgetpos
fread
free
fseek
fsetpos
islower
isupper
malloc
memcpy
memmove
memset
rand
realloc
setvbuf
srand
strchr
strcpy_s
strlen
ungetc
wcslen
wcsrchr

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff1a66cf307d87c92a7e7517f8a7e19f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

wininet

msvcrt

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 6KB - Virtual size: 18KB

.pdata Size: 4KB - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 56B

.retplne Size: 512B - Virtual size: 140B

.tls Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 620B

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 6KB - Virtual size: 18KB

.pdata
Size: 4KB - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 56B

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 620B