Static task
static1
Behavioral task
behavioral1
Sample
0592e2ac208144462555810dcb5d9e60N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
0592e2ac208144462555810dcb5d9e60N.exe
Resource
win10v2004-20240709-en
General
-
Target
0592e2ac208144462555810dcb5d9e60N.exe
-
Size
489KB
-
MD5
0592e2ac208144462555810dcb5d9e60
-
SHA1
027cfa7fe10bfe10f6bf374c170b8fe168f7d3e4
-
SHA256
55b603017dd4cf34d5d3dc71d97c7f2beb0159fd8962240ff1bf880a2fc3ac24
-
SHA512
2cd9fbe0a1af5b40b190080c897fc6edf421f4426b278417de56deea6771151dc017a40291c7480b0c63ed798c196b8ae430967688ead34493b790dd4cdbb519
-
SSDEEP
6144:Up4/RqYZi9u1BM7ulztD3wLQhdz/dZy02ZpOi1FmNZnteVDb2O7fcCnDtiORP7Zb:64/RqOi9iztjwWdz1Zy0SWNhyPZ857oT
Malware Config
Signatures
-
Unsigned PE 1 IoCs
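Checks for a missing Authenticode signature; this sample is unsigned. On its own this is a weak indicator, because many legitimately distributed binaries are also unsigned, so weigh it together with the import table and the behavioral tasks.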
resource 0592e2ac208144462555810dcb5d9e60N.exe
Files
-
0592e2ac208144462555810dcb5d9e60N.exe .exe windows:4 windows x86 arch:x86
dfe7e110956f9ceef386a42aae6cac98
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
PDB Paths
Imports
msys-crypto-1.1
ASN1_OCTET_STRING_free
BIO_ctrl
BIO_free
BIO_new
BIO_s_mem
BIO_write
BN_CTX_free
BN_CTX_new
BN_add
BN_add_word
BN_bin2bn
BN_bn2bin
BN_bn2hex
BN_clear_free
BN_cmp
BN_copy
BN_div
BN_dup
BN_free
BN_hex2bn
BN_is_prime_ex
BN_lshift
BN_mod_word
BN_new
BN_num_bits
BN_print_fp
BN_rand
BN_rshift
BN_set_bit
BN_set_flags
BN_set_word
BN_sub
BN_value_one
CRYPTO_get_ex_new_index
DSA_SIG_free
DSA_SIG_get0
DSA_SIG_new
DSA_SIG_set0
DSA_do_sign
DSA_do_verify
DSA_free
DSA_generate_key
DSA_generate_parameters_ex
DSA_get0_key
DSA_get0_pqg
DSA_new
DSA_set0_key
DSA_set0_pqg
ECDSA_SIG_free
ECDSA_SIG_get0
ECDSA_SIG_new
ECDSA_SIG_set0
ECDSA_do_sign
ECDSA_do_verify
ECDSA_size
EC_GROUP_cmp
EC_GROUP_free
EC_GROUP_get_curve_name
EC_GROUP_get_order
EC_GROUP_method_of
EC_GROUP_new_by_curve_name
EC_GROUP_set_asn1_flag
EC_KEY_METHOD_get_sign
EC_KEY_METHOD_new
EC_KEY_METHOD_set_sign
EC_KEY_OpenSSL
EC_KEY_dup
EC_KEY_free
EC_KEY_generate_key
EC_KEY_get0_group
EC_KEY_get0_private_key
EC_KEY_get0_public_key
EC_KEY_get_ex_data
EC_KEY_new
EC_KEY_new_by_curve_name
EC_KEY_set_asn1_flag
EC_KEY_set_ex_data
EC_KEY_set_group
EC_KEY_set_method
EC_KEY_set_private_key
EC_KEY_set_public_key
EC_METHOD_get_field_type
EC_POINT_cmp
EC_POINT_free
EC_POINT_get_affine_coordinates_GFp
EC_POINT_is_at_infinity
EC_POINT_mul
EC_POINT_new
EC_POINT_oct2point
EC_POINT_point2oct
ERR_error_string
ERR_get_error
ERR_peek_error
ERR_peek_last_error
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_iv
EVP_CIPHER_CTX_iv_length
EVP_CIPHER_CTX_iv_noconst
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_new
EVP_CIPHER_CTX_set_key_length
EVP_Cipher
EVP_CipherInit
EVP_Digest
EVP_DigestFinal_ex
EVP_DigestInit_ex
EVP_DigestUpdate
EVP_MD_CTX_copy_ex
EVP_MD_CTX_free
EVP_MD_CTX_md
EVP_MD_CTX_new
EVP_MD_block_size
EVP_PKEY_base_id
EVP_PKEY_free
EVP_PKEY_get0_EC_KEY
EVP_PKEY_get0_RSA
EVP_PKEY_get1_DSA
EVP_PKEY_get1_EC_KEY
EVP_PKEY_get1_RSA
EVP_PKEY_new
EVP_PKEY_set1_DSA
EVP_PKEY_set1_EC_KEY
EVP_PKEY_set1_RSA
EVP_aes_128_cbc
EVP_aes_128_ctr
EVP_aes_128_gcm
EVP_aes_192_cbc
EVP_aes_192_ctr
EVP_aes_256_cbc
EVP_aes_256_ctr
EVP_aes_256_gcm
EVP_chacha20
EVP_des_ede3_cbc
EVP_md5
EVP_sha1
EVP_sha256
EVP_sha384
EVP_sha512
OPENSSL_init_crypto
OpenSSL_version_num
PEM_read_PUBKEY
PEM_read_RSAPublicKey
PEM_read_bio_PrivateKey
PEM_write_DSAPrivateKey
PEM_write_DSA_PUBKEY
PEM_write_ECPrivateKey
PEM_write_EC_PUBKEY
PEM_write_RSAPrivateKey
PEM_write_RSAPublicKey
PEM_write_RSA_PUBKEY
PEM_write_bio_DSAPrivateKey
PEM_write_bio_ECPrivateKey
PEM_write_bio_PrivateKey
PEM_write_bio_RSAPrivateKey
RAND_status
RSAPublicKey_dup
RSA_blinding_on
RSA_free
RSA_generate_key_ex
RSA_get0_crt_params
RSA_get0_factors
RSA_get0_key
RSA_get_default_method
RSA_get_ex_data
RSA_meth_dup
RSA_meth_set1_name
RSA_meth_set_priv_dec
RSA_meth_set_priv_enc
RSA_new
RSA_public_decrypt
RSA_set0_crt_params
RSA_set0_factors
RSA_set0_key
RSA_set_ex_data
RSA_set_method
RSA_sign
RSA_size
X509_NAME_free
X509_NAME_oneline
X509_free
X509_get_pubkey
d2i_ASN1_OCTET_STRING
d2i_ECPKParameters
d2i_X509
d2i_X509_NAME
o2i_ECPublicKey
msys-2.0
__b64_ntop
__b64_pton
__cxa_atexit
__dn_expand
__errno
__getreent
__locale_ctype_ptr
__locale_mb_cur_max
__main
__memcpy_chk
__progname
__res_init
__res_query
__res_state
__stack_chk_fail
__stack_chk_guard
_dll_crt0@0
_exit
_fcntl64
_fdopen64
_fopen64
_fstat64
_geteuid32
_getpwuid32
_getuid32
_impure_ptr
_initgroups32
_open64
_setregid32
_setreuid32
_stat64
access
arc4random
arc4random_buf
asprintf
bind
calloc
clock_gettime
close
closedir
closelog
connect
ctime
cygwin_internal
dirfd
dirname
dlclose
dlerror
dll_dllcrt0
dlopen
dlsym
dup2
execlp
execv
execve
exit
explicit_bzero
fchmod
fclose
fcntl
fdopen
fflush
fgetc
fgets
fopen
fork
fprintf
fputc
fputs
free
freeaddrinfo
fscanf
fseek
fstat
fwrite
gai_strerror
getaddrinfo
getenv
geteuid
gethostname
getline
getnameinfo
getopt
getpagesize
getpid
getppid
getpwnam
getpwuid
getservbyname
getsid
getsockname
getsockopt
gettimeofday
getuid
gmtime
h_errno
initgroups
isatty
kill
link
listen
localtime
localtime_r
malloc
mbstowcs
mbtowc
memchr
memcmp
memcpy
memmem
memmove
memset
mkdir
mkstemp
mktime
msys_detach_dll
nanosleep
nl_langinfo
open
opendir
openlog
optarg
optind
pathconf
perror
pipe
poll
posix_memalign
printf
putchar
puts
qsort
raise
read
readdir
readv
realloc
reallocarray
realpath
rename
rewind
setenv
setlocale
setregid
setreuid
setsockopt
setvbuf
sigaction
sigemptyset
sigfillset
snprintf
socket
socketpair
stat
strcasecmp
strcasestr
strchr
strcmp
strcspn
strdup
strerror
strftime
strlcat
strlcpy
strlen
strncasecmp
strncmp
strndup
strpbrk
strptime
strrchr
strsep
strsignal
strspn
strstr
strtol
strtoll
strtoul
strtoull
sysconf
syslog
tcgetattr
tcsetattr
time
timingsafe_bcmp
tolower
toupper
towlower
umask
ungetc
unlink
vasprintf
vsnprintf
waitpid
wcwidth
write
msys-gcc_s-1
__addvdi3
__addvsi3
__divdi3
__moddi3
__mulvsi3
__negvdi2
__negvsi2
__subvsi3
__udivdi3
__umoddi3
kernel32
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
Sections
.text Size: 288KB - Virtual size: 287KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 96B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 158KB - Virtual size: 158KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.buildid Size: 512B - Virtual size: 53B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/4 Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 6KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ