15b705de9c95614e69759edea4988f10N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

15b705de9c95614e69759edea4988f10N.exe
Size

93KB
MD5

15b705de9c95614e69759edea4988f10
SHA1

09d8087be3af1b97ceb7366bc3a3bd5203f97f60
SHA256

01b54fcbc959501cca917fa142f0f850527785c09836173407ed6e39c10fcdb9
SHA512

62915845cdf21cae9357fae24e521072335f9168a3b23e935d6ab20a478d7d0cebff909036105c012dcd960924b9e1b8cae47f491eaae40ee8f0e382d21a41f4
SSDEEP

1536:VEot9GHZeXIvRotQPU9w969qeWZDDFEPHPAiUswXGHPn57FIS:VEAsZeYvnnCqeWZDDFEPHPAipwKh7F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15b705de9c95614e69759edea4988f10N.exe

Files

15b705de9c95614e69759edea4988f10N.exe
.exe windows:4 windows x86 arch:x86

c4d74f2917941af5dba0e08636e8913c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__assert
__errno
__getreent
__main
_exit
_fopen64
_impure_ptr
_open64
_stat64
abort
access
atoi
basename
calloc
chdir
chmod
close
cygwin_conv_to_full_win32_path
cygwin_internal
dll_crt0__FP11per_process
dup2
endmntent
execv
exit
fclose
fork
fprintf
fputc
free
fscanf
getenv
getmntent
getopt_long
getpass
getpid
getpwnam
kill
malloc
memset
mkdir
openlog
optarg
optind
printf
pthread_atfork
pthread_create
pthread_getspecific
pthread_key_create
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific
puts
realloc
setenv
setmntent
setpgrp
signal
sleep
snprintf
sprintf
strcasecmp
strcat
strchr
strcmp
strcpy
strdup
strerror
strlen
strncat
strrchr
strsignal
strstr
strtosigno
syslog
time
unlink
waitpid

advapi32

CloseServiceHandle
ControlService
CreateServiceA
DeleteService
EnumServicesStatusA
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceStatus
RegCloseKey
RegConnectRegistryA
RegCreateKeyExA
RegEnumValueA
RegFlushKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

kernel32

AddAtomA
AllocConsole
CloseHandle
EnterCriticalSection
FindAtomA
FormatMessageA
FreeConsole
GetAtomNameA
GetExitCodeProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTickCount
GetVersion
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
OpenProcess
SetConsoleTitleA
SetLastError
Sleep
WaitForSingleObject

user32

BringWindowToTop
GetForegroundWindow
GetTopWindow
SetForegroundWindow

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kekiegi
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c4d74f2917941af5dba0e08636e8913c

Headers

File Characteristics

Imports

cygwin1

advapi32

kernel32

user32

Sections

.text Size: 48KB - Virtual size: 47KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 12KB - Virtual size: 11KB

.bss Size: - Virtual size: 21KB

.idata Size: 31KB - Virtual size: 32KB

kekiegi Size: - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 47KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 12KB - Virtual size: 11KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 31KB - Virtual size: 32KB

kekiegi
Size: - Virtual size: 4KB