6a30d662ba7bb1d9c3c2c3af4e51d830N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6a30d662ba7bb1d9c3c2c3af4e51d830N.exe
Size

24KB
MD5

6a30d662ba7bb1d9c3c2c3af4e51d830
SHA1

b08a133df0b7e0d79f7f6e1c8ba542879279592f
SHA256

cf8a893e2d728cf412160b8fc45cf9b7f11c1a5a94e18b0c28bede25257095c6
SHA512

3d38bc6e95c0973f96190b7d0c7857274fe2230a8f1c7cae8a50b77d4642c0e35c479238018d7e6b043d54023eb80154281e8efe7764f96747113f9ab9448e3d
SSDEEP

384:q7IWJ3GuXCVgteKFe3qdZbKMJHPCzgA9sYe4Afqi55fQUf3wAc7CfE:o/3GuXKPa8MBPCtS7rd3RPwAc7CfE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a30d662ba7bb1d9c3c2c3af4e51d830N.exe

Files

6a30d662ba7bb1d9c3c2c3af4e51d830N.exe
.exe windows:4 windows x86 arch:x86

fd1aeed84148df2edebbd95095beb4c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
CloseHandle
WriteFile
ExitProcess
HeapFree
lstrcpynA
HeapReAlloc
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
MultiByteToWideChar
GetFileSize
GetFileAttributesA
SetFilePointer
CopyFileA
MoveFileA
GetSystemDirectoryA
lstrcmpA
ExpandEnvironmentStringsA
GetCommandLineA
lstrcatA
GetModuleFileNameA
GetModuleHandleA
ReadFile
FindFirstFileA
GetSystemTime
WaitForSingleObject
CreateMutexA
HeapDestroy
HeapCreate
GetProcessHeap
InterlockedIncrement
InterlockedExchange
InterlockedExchangeAdd
ReleaseMutex
ResumeThread
SetThreadContext
GetThreadContext
WriteProcessMemory
VirtualAllocEx
CreateProcessA
GetProcAddress
GetComputerNameA
GetSystemInfo
GetVolumeInformationA
GetVersionExA
DeleteFileA
FindNextFileA
FindClose
GetTickCount
GetTempPathA
CreateFileA
Sleep
LocalFree
GetLastError
lstrcpyA
SystemTimeToFileTime
HeapAlloc

user32

SetWindowTextA
SetActiveWindow
RegisterClassA
CreateWindowExA
GetActiveWindow
ShowWindow
GetWindowTextA
DefWindowProcA
PostQuitMessage
wsprintfA
EnumWindows

advapi32

RegCloseKey
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegEnumValueA

shell32

StrChrA
SHGetSpecialFolderPathA
StrRChrA
StrStrA
ShellExecuteExA
ShellExecuteA
StrStrIA

ole32

CoInitialize
CoCreateInstance

oleaut32

SysStringLen
VariantClear
SysFreeString
SysAllocStringLen
SysAllocString
VariantChangeType

wininet

InternetGetConnectedState

msvcrt

_CxxThrowException
??3@YAXPAX@Z
__dllonexit
_onexit
??1type_info@@UAE@XZ
__CxxFrameHandler
memcmp
rand
memcpy
memset

ws2_32

inet_addr

shlwapi

StrDupA

dnsapi

DnsQuery_A
DnsRecordListFree

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd1aeed84148df2edebbd95095beb4c9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

msvcrt

ws2_32

shlwapi

dnsapi

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 4B

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 4B