6e34dc7fd017318842b76d4ae684c3f0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

6e34dc7fd017318842b76d4ae684c3f0N.exe
Size

268KB
MD5

6e34dc7fd017318842b76d4ae684c3f0
SHA1

7d81567a328be2fa446f063343322019d3085d8b
SHA256

34f75710cb681c5aa903f065a74ccbe70a13cb8d0f5c8884c8917c76e8ed86b8
SHA512

d5e3e45494e9d63df76a2d0fd3a146186bf25d3ecc6cae0794ff28119374e36ad3bf0c8fdb49d83d83790a64d9f3e32bf69ccdd02c33da362b938e88de25123b
SSDEEP

3072:cjtJIQU1ozn5Xol5tOhfz/kP11hwjYYLA7M+HmiWJlCu0xcfjtHX8:cjtLUY5XKty/klHYLAM+GiW19X8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e34dc7fd017318842b76d4ae684c3f0N.exe

Files

6e34dc7fd017318842b76d4ae684c3f0N.exe
.exe windows:4 windows x86 arch:x86

b79949378cba5c4bf7a80447425232e0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dinput

DirectInputCreateA

winmm

timeGetTime

ws2_32

WSAGetLastError
socket
htons
gethostbyname
gethostname
closesocket
recv
send
connect
WSAStartup
WSACleanup

shlwapi

PathRemoveFileSpecA
PathRenameExtensionW

kernel32

CreateFileW
CreateFileA
GetLocaleInfoW
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
GetLastError
CreateMutexA
GetModuleFileNameA
CloseHandle
GetLocaleInfoA
LocalFree
FormatMessageA
GetModuleFileNameW
SetCurrentDirectoryA
GetDateFormatA
GetTimeFormatA
Sleep
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetLocalTime
CreateThread
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetProcAddress
GetModuleHandleA
ExitProcess
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
SetEndOfFile

user32

MessageBoxA
MessageBoxW
GetCursorPos

Sections

.text
Size: 212KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b79949378cba5c4bf7a80447425232e0

Headers

File Characteristics

Imports

dinput

winmm

ws2_32

shlwapi

kernel32

user32

Sections

.text Size: 212KB - Virtual size: 210KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 212KB - Virtual size: 210KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 176B