37e264fbceba6a5fa4033ad989181860N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

37e264fbceba6a5fa4033ad989181860N.exe
Size

7.8MB
MD5

37e264fbceba6a5fa4033ad989181860
SHA1

1aa758b8ce563b64339f0f11b273556a61be8349
SHA256

0a9c89ed9a8bae35d9f52e724f104666e2907248a3f26c978b739c932bf79ed5
SHA512

48a0089039958e592f59ca80ba2e20990be9000941965d01e4d5ab9d693e06664a51a9564e71ede0f360177a39ddf82df6d877c5107f2cc044e9ef229ccce13b
SSDEEP

98304:AFR7wZkuLcrf+Gpqr4pwUC310haZKyj3g:WR7wBcrf+G8r4pMW0ZKyj3g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37e264fbceba6a5fa4033ad989181860N.exe

Files

37e264fbceba6a5fa4033ad989181860N.exe
.exe windows:6 windows x64 arch:x64

8d1f662b4e494e57d813af25477b95a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
MultiByteToWideChar
WriteConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
ScrollConsoleScreenBufferA
SetConsoleTextAttribute
GetConsoleOutputCP
SetConsoleOutputCP
CreateFileA
CloseHandle
WaitForSingleObject
SetWaitableTimer
Sleep
GetSystemInfo
CreateWaitableTimerA
DeleteFileA
WriteFile
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
MoveFileExA
GetSystemTimeAsFileTime
CreatePipe
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateProcessA
OpenProcess
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GlobalMemoryStatusEx
FormatMessageA
InitializeSRWLock
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
ReleaseMutex
CreateMutexA
CreateThread
GetCurrentThreadId
CreateFileW
ReadFile
SetFilePointer
GetProcAddress
LoadLibraryA
GetThreadContext
OpenThread
SuspendThread
ResumeThread
TlsGetValue
MapViewOfFile
UnmapViewOfFile
GetCurrentThread
VirtualFree
TlsSetValue
WideCharToMultiByte
LoadLibraryW
GetTimeZoneInformation
VirtualAlloc
GetFileType
CreateFileMappingW
VirtualProtect
OutputDebugStringA
TlsAlloc
GetThreadTimes
TlsFree
QueryPerformanceCounter
QueryPerformanceFrequency
CreateSemaphoreA
ReleaseSemaphore
GetNativeSystemInfo
GetDateFormatW
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
FileTimeToSystemTime
GetLocaleInfoA
GetCurrencyFormatW
GetLocaleInfoW
GetNumberFormatW
FreeLibrary
GetACP
GetThreadLocale
GetUserGeoID
GetGeoInfoA
PeekConsoleInputW
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
ScrollConsoleScreenBufferW
GetConsoleMode
ReadConsoleInputW
SetConsoleMode
SetLastError
GetModuleHandleW
GetVersion
FindNextFileW
FindClose
RtlVirtualUnwind
GetTickCount
GlobalMemoryStatus
GetVersionExW
FlushConsoleInputBuffer
EncodePointer
DecodePointer
GetStringTypeW
HeapFree
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
ReadConsoleW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapAlloc
GetCommandLineA
HeapReAlloc
GetConsoleCP
SetEndOfFile
GetProcessHeap
SetStdHandle
IsDebuggerPresent
IsProcessorFeaturePresent
FlushFileBuffers
GetDriveTypeW
GetFullPathNameA
SetEnvironmentVariableA
LoadLibraryExW
SetConsoleCtrlHandler
ExitThread
ReadConsoleInputA
GetCPInfo
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
SetFilePointerEx
IsValidCodePage
GetOEMCP
GetModuleFileNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
SetEnvironmentVariableW
DeleteFileW
FindFirstFileExW
CreateDirectoryW
RemoveDirectoryW
GetCurrentDirectoryW
OutputDebugStringW
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
GetStdHandle

winmm

timeGetTime

ws2_32

freeaddrinfo
getaddrinfo
socket
listen
connect
bind
shutdown
getnameinfo
ioctlsocket
closesocket
setsockopt
WSACleanup
WSAStartup
send
select
getsockopt
recv
WSASetLastError
WSAGetLastError

user32

GetProcessWindowStation
GetDesktopWindow
MessageBoxW
GetUserObjectInformationW

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DeregisterEventSource
ReportEventW
RegisterEventSourceW

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d1f662b4e494e57d813af25477b95a2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

ws2_32

user32

advapi32

Sections

.text Size: 5.4MB - Virtual size: 5.4MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 300KB - Virtual size: 1.5MB

.pdata Size: 284KB - Virtual size: 284KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 68KB - Virtual size: 67KB

.text
Size: 5.4MB - Virtual size: 5.4MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 300KB - Virtual size: 1.5MB

.pdata
Size: 284KB - Virtual size: 284KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 68KB - Virtual size: 67KB