6e7c7ca94c2912a97c827c78f6844880N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6e7c7ca94c2912a97c827c78f6844880N.exe
Size

1.4MB
MD5

6e7c7ca94c2912a97c827c78f6844880
SHA1

799c6ff0c967ea4cd238bb600204debdf3a9bbc9
SHA256

e9211b77cad956d8be8f8ffd4123292d456702e2bd7d098ae59b0388bf42a975
SHA512

a9598d2206cc3e38f2a9e63455d3348daa990b0b0569b700e84bc303706d16f3ff41a6afb19b5c48a74981061c4c6bb33408c6aeb5f4f92240c295caac3c3401
SSDEEP

24576:elmSgNGIzzF4nlx3c7VJYLIPmc8uxazs8M7jXwqdP0YxUUu8bTfDiaSK/1Nk7tcw:es5JKn0TYXcnazNM7jX7lW8bzDiaSK/0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e7c7ca94c2912a97c827c78f6844880N.exe

Files

6e7c7ca94c2912a97c827c78f6844880N.exe
.dll windows:6 windows x64 arch:x64

814221f8fa18830d93cb323bf7a6c253

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
CreateThread
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
GetCurrentProcess
VirtualQuery
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
lstrlenA
lstrlenW
GetCurrentThread
GetTickCount64
GetFileSize
CloseHandle
CreateFileA
ReadFile
TerminateProcess
WriteFile
VirtualFree
GetLastError

user32

CreateWindowExA
DefWindowProcA
DestroyWindow
MessageBoxA
SetClipboardData
UnregisterClassA
SetWindowLongPtrA
RegisterClassExA
CallWindowProcA
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
GetKeyState
GetMessageExtraInfo
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetKeyboardLayout
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow

d3dcompiler_47

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_destroy_list
_CxxThrowException
memset
memcpy
__C_specific_handler
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
memchr
memcmp
memmove

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_initterm_e
_initterm
_cexit
_execute_onexit_table
_crt_atexit
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
ftell
fclose
fseek
__stdio_common_vfprintf
__stdio_common_vsscanf
fwrite
fread
fflush
__stdio_common_vsprintf
_wfopen

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
strcmp
tolower

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

sqrtf
sinf
cosf
fmodf
ceilf
acosf

Sections

.text
Size: 339KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

814221f8fa18830d93cb323bf7a6c253

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

imm32

d3dcompiler_47

d3d11

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 339KB - Virtual size: 338KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 13KB - Virtual size: 13KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.vmp0 Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: 339KB - Virtual size: 338KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 13KB - Virtual size: 13KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.vmp0
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B