6e0d51f73d81445ed3b44b52b561de70N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6e0d51f73d81445ed3b44b52b561de70N.exe
Size

483KB
MD5

6e0d51f73d81445ed3b44b52b561de70
SHA1

4c28aed6425f0d98596dc5d900daae346bcb84f2
SHA256

406ba5fb8eb1138f6cb1372485522db8341c449b6695868a1c3e4b265c5d167c
SHA512

afbc5698d9aca854015ffd106973728c8fa7e3a9e7fbc4780a7bd0a93ac8527f9ddcfd2dcb4d322588dac6ab95d6292dc65d929d4821185c2cd25e39098b55e2
SSDEEP

12288:CumWsZAJeNA1/aO5ovSoe/TiLcPbwEcBj:CtWsZAiuyO9ouZsX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e0d51f73d81445ed3b44b52b561de70N.exe

Files

6e0d51f73d81445ed3b44b52b561de70N.exe
.dll regsvr32 windows:6 windows x86 arch:x86

9c669fde058e416e03258c8ce7cc202e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

P:\Target\x86\ship\factoid\x-none\mofl.pdb

Imports

kernel32

CreateFileMappingA
MultiByteToWideChar
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
FreeLibrary
GetModuleHandleW
LoadLibraryExA
LoadResource
SizeofResource
lstrcmpiA
lstrlenA
lstrlenW
FormatMessageA
WideCharToMultiByte
IsDBCSLeadByte
DeleteFileA
WriteFile
GetTempFileNameA
MoveFileA
LoadLibraryExW
InitializeCriticalSection
LockResource
FindResourceExA
LocalFree
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
GetTickCount
GetVersion
GetLastError
CloseHandle
GetFileSize
FindNextFileW
FindFirstFileW
LocalAlloc
QueryPerformanceCounter
FindClose
FindResourceA
CreateFileA
LoadLibraryA
IsDebuggerPresent
GetProcessHeap
HeapSetInformation
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
WerRegisterMemoryBlock
HeapAlloc
HeapFree
GetModuleFileNameW
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

DeregisterEventSource
ReportEventW
RegSetValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCloseKey
RegisterEventSourceW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
VarBstrCat
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
UnRegisterTypeLi

mfc100

ord5037
ord2528
ord1008
ord1691
ord11964
ord11243
ord10930
ord1861
ord6521
ord462
ord7876
ord11744
ord5242
ord1313
ord300
ord305
ord316
ord2626
ord1885
ord7584
ord6835
ord1288
ord7510
ord11180
ord9449
ord11787
ord11726
ord4078
ord7141
ord13767
ord4724
ord2163
ord11421
ord11420
ord13301
ord7073
ord13299
ord8486
ord3676
ord11806
ord7091
ord1732
ord10922
ord14075
ord13181
ord11413
ord7144
ord13483
ord13480
ord13485
ord13482
ord13484
ord13481
ord888
ord6112
ord3409
ord5238
ord11172
ord7355
ord11184
ord11153
ord4622
ord4903
ord5095
ord8439
ord4881
ord5098
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9281
ord8304
ord13518
ord322
ord1281
ord880
ord3406
ord4317
ord2818
ord1929
ord12097
ord12721
ord13329
ord11297
ord13310
ord11274
ord1483
ord901
ord306
ord310
ord6010
ord2067
ord2056
ord2061
ord2063
ord265
ord1294
ord266
ord1296
ord1948
ord2089
ord2087
ord1940
ord1867
ord408
ord2040
ord323
ord1297
ord3618
ord906
ord2090
ord2052
ord2050
ord2079
ord1979

msvcr100

towupper
memcmp
memcpy_s
wcschr
wcsstr
_wcsicmp
__iob_func
memset
_vsnwprintf
ldiv
free
wcstol
_wtol
_wsplitpath_s
__CxxFrameHandler3
memcpy
fprintf
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
vswprintf_s
_pctype
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
tolower
toupper
iswctype
towlower
??0exception@std@@QAE@ABQBDH@Z
memmove
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_ismbcdigit
wcsrchr
_wcsupr_s
wcsncmp
malloc
_time64
_wtoi
wcstombs_s
_vsnprintf
_resetstkoflw
_recalloc
_mbsstr
_mbsnbcpy_s
wcsncpy_s
strcat_s
strcpy_s

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 265KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c669fde058e416e03258c8ce7cc202e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

mfc100

msvcr100

msvcp100

Exports

Exports

Sections

.text Size: 191KB - Virtual size: 191KB

.data Size: 9KB - Virtual size: 10KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 265KB - Virtual size: 268KB

.text
Size: 191KB - Virtual size: 191KB

.data
Size: 9KB - Virtual size: 10KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 265KB - Virtual size: 268KB