6542d82345a5315bbffbeb7d060a8140N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6542d82345a5315bbffbeb7d060a8140N.exe
Size

18KB
MD5

6542d82345a5315bbffbeb7d060a8140
SHA1

bc304154572ed4118290a44a44e4847c33caeab1
SHA256

5de34411e6d48e5fda7d19183b8d5f92e7babd8f74d036aa7f5a9bc88cf1209e
SHA512

cb531ca5c87bc3b7bd73bd3e90e3e9e79c4ec63161a6fa020d73cb10b46dc477f6564ea353720f832a0266c91ce631a3fdbdb2c2c99957201d997ea8c2a80607
SSDEEP

384:xPi9sJM9yz+oVQbygYP8IjguNyvH4xcYz1lLUVR9KUStTcw+:2s2QC8QbydP8ug+yvH4xtZlLUXpStTT+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6542d82345a5315bbffbeb7d060a8140N.exe

Files

6542d82345a5315bbffbeb7d060a8140N.exe
.dll regsvr32 windows:4 windows x86 arch:x86

d61b1e14d3a0278d6875fd239de6556d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitThread
GetModuleFileNameA
lstrcatA
GetProcAddress
GetModuleHandleA
CompareStringW
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpA
LeaveCriticalSection
Sleep
HeapAlloc
GetProcessHeap
ReadFile
SetFilePointer
HeapFree
CreateMutexA
ReleaseMutex
SetEndOfFile
GetSystemDirectoryW
MultiByteToWideChar
WideCharToMultiByte
WriteProcessMemory
VirtualProtect
IsBadStringPtrA
lstrcpyW
GetTickCount
lstrlenA
GetCurrentProcess
WaitForSingleObject
CreateThread
SetEvent
CreateEventA
lstrcmpiA
GetSystemDirectoryA
lstrcpyA
CreateFileA
WriteFile
CloseHandle
EnterCriticalSection
HeapReAlloc

user32

wsprintfA
CharUpperW
CharLowerA
wsprintfW

advapi32

CryptHashData
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptCreateHash
CryptAcquireContextA
CryptDecrypt
RegOpenKeyExA
CryptDeriveKey

ole32

StringFromIID
CoGetMalloc

oleaut32

SysAllocString
SysFreeString

wininet

InternetConnectA
InternetCrackUrlW
InternetCrackUrlA

urlmon

CoInternetCombineUrl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d61b1e14d3a0278d6875fd239de6556d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

urlmon

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB