689c2de656a60d4290e3265584a61f30N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

689c2de656a60d4290e3265584a61f30N.exe
Size

92KB
MD5

689c2de656a60d4290e3265584a61f30
SHA1

bffcdf34858b9faa66b444ec075a13904293d3d8
SHA256

bcf8be3432426323d2cddd7f9d4fc868ca68c0970eaa051d9ca1657b1cc7947e
SHA512

5633336fce0bb49217d4760bf049c1b9d8d4fa15e8f5e15acaef6c2e134de215f13f212ecb064a3ab451984eb0045578c91e2a3274e2f675622dd97779246029
SSDEEP

1536:UkN81oZlcqIa2NkomsFTzKmI/yoS/W0Ly3L3BkLvArsX1PaPkSebJi7ShHM+b5Cn:RNfKFTgbrsX1w6HMlY/Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
689c2de656a60d4290e3265584a61f30N.exe

Files

689c2de656a60d4290e3265584a61f30N.exe
.dll windows:6 windows x64 arch:x64

ee594711a89cf1222c6d61531e8369dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Temp\perl-5.28.0\lib\auto\Compress\Raw\Zlib\Zlib.pdb

Imports

perl528

Perl_mg_set
Perl_croak_nocontext
Perl_mfree
Perl_sv_len
win32_errno
Perl_mg_get
Perl_sv_setpv
Perl_croak_xs_usage
Perl_dowantarray
Perl_sv_upgrade
Perl_sv_2iv_flags
Perl_sv_setnv
Perl_stack_grow
Perl_sv_setuv_mg
Perl_sv_setiv
Perl_sv_utf8_upgrade_flags_grow
Perl_newSVpv
Perl_sv_setref_pv
Perl_sv_setiv_mg
Perl_newSVpvf_nocontext
Perl_newXS_deffile
Perl_sv_2bool_flags
Perl_sv_free2
Perl_xs_boot_epilog
Perl_xs_handshake
Perl_sv_setpvn
Perl_sv_pvbyten_force
win32_strerror
Perl_sv_derived_from
Perl_sv_2uv_flags
Perl_sv_2mortal
Perl_get_sv
Perl_sv_2pvbyte
Perl_sv_pvn_force_flags
Perl_sv_grow
Perl_realloc
Perl_sv_utf8_downgrade
Perl_sv_newmortal
Perl_calloc
Perl_malloc
Perl_newSVsv
Perl_sv_2pv_flags
Perl_newSViv
Perl_get_context

vcruntime140

memcpy
memcmp
__C_specific_handler
__std_type_info_destroy_list
memset
memmove

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table
_cexit
_configure_narrow_argv

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Exports

Exports

boot_Compress__Raw__Zlib

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee594711a89cf1222c6d61531e8369dd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

perl528

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 104B

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B