6387f766da88fb850502a9b5436d2610N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

6387f766da88fb850502a9b5436d2610N.exe
Size

1.0MB
MD5

6387f766da88fb850502a9b5436d2610
SHA1

00ff0f1d77503b816c88ce9dc0bc8e5e36ed8af1
SHA256

dcf0c05088518822bc30633857f8b1388fbfee00d67c54da894127c3bba23845
SHA512

5d3998db81f97895ba80d9595426fa53712f45fa7283b93d97ab2d20ee2e8e0a24766213f23046c87239a333281aa1ca5d817d656eb541a86e9c1e84fb54184d
SSDEEP

24576:kvETMwioSqtWMCUXC/lw60yMWsBhmSE1nBt++cJG0l:k8TtioSUWMg/QZWwmz1Bfop

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6387f766da88fb850502a9b5436d2610N.exe

Files

6387f766da88fb850502a9b5436d2610N.exe
.dll windows:5 windows x86 arch:x86

28ac278a7fa13751ea6f6e11af5724c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
ReadFile
CreateFileW
lstrlenW
CloseHandle
lstrcpyA
SetFilePointer
VirtualFree
MultiByteToWideChar
SetLastError
VirtualAlloc
VirtualProtect
lstrcpynA
GetCurrentProcess
QueryPerformanceCounter
SetEnvironmentVariableA
GetModuleHandleA
QueryPerformanceFrequency
GetCurrentProcessId
CreateEventA
GetProcAddress
LoadLibraryA
ExitProcess
lstrcmpiA
lstrcmpiW
GetThreadContext
lstrcmpA
SetThreadContext
TerminateProcess
GetLastError
VirtualAllocEx
ResumeThread
FreeLibrary
HeapAlloc
HeapCreate
lstrcatA
CreateDirectoryA
lstrlenA
GetTempPathA
GetFileSize
SetEndOfFile
CompareFileTime
UnlockFile
SetEvent
LockFile
GetTickCount
WriteFile
GetProcessTimes
VirtualFreeEx
ReadProcessMemory
GetFileAttributesA
GetFileAttributesW
ExitThread
FlushFileBuffers
OpenEventA
WaitForMultipleObjects
GetFileTime
GetCurrentThreadId
WriteProcessMemory
CreateThread
SetStdHandle
HeapFree
AddVectoredExceptionHandler
GetModuleFileNameA
CreateFileA

user32

GetMessageA
RegisterClassExA
PostQuitMessage
CharLowerA
wsprintfA
KillTimer
SendMessageA
SetWindowLongA
UnregisterClassA
GetWindowLongA
CreateWindowExA
DefWindowProcA
IsWindow
DispatchMessageA
MessageBoxA
SetTimer

advapi32

OpenProcessToken

userenv

GetUserProfileDirectoryA

Exports

Exports

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RLD0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.RLD1
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 671KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

28ac278a7fa13751ea6f6e11af5724c8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

userenv

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 1KB

.RLD0 Size: 2KB - Virtual size: 1KB

.RLD1 Size: 293KB - Virtual size: 292KB

.reloc Size: 2KB - Virtual size: 1KB

.text Size: 671KB - Virtual size: 672KB

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 1KB

.RLD0
Size: 2KB - Virtual size: 1KB

.RLD1
Size: 293KB - Virtual size: 292KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 671KB - Virtual size: 672KB