Static task: static1

Behavioral task: behavioral1
Sample: 6f1e65462ada0140bead1d75e6a8db30N.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 6f1e65462ada0140bead1d75e6a8db30N.exe
Resource: win10v2004-20240709-en
General
Target: 6f1e65462ada0140bead1d75e6a8db30N.exe
Size: 271KB
MD5: 6f1e65462ada0140bead1d75e6a8db30
SHA1: cda7e53e97281d210225674372a72b84ab4745d9
SHA256: 8c06dc850c3cbbfcaeaba8648624b3469542a1f8d4c976a83202d3004ffd5f3b
SHA512: 2246da9cd65a187f11354f2428fe132ba69d11e742f301441e6bd8dfe5d31337c914c4ff17c9435264e839154131dadceed6e96c273188340c560492c058d098
SSDEEP: 6144:faW+zdAZxWvg3wCLYMkLSiUqrj7j4KK8PCI:f+gHLYMG7j46
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6f1e65462ada0140bead1d75e6a8db30N.exe
Files
6f1e65462ada0140bead1d75e6a8db30N.exe.exe windows:4 windows x86 arch:x86
948ab9470a9409ae58983819c6ccd6ea
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapFree
VirtualAlloc
GetCommandLineW
WriteConsoleInputW
WriteConsoleInputA
GetSystemTimeAdjustment
UpdateResourceA
SetComputerNameA
GetPrivateProfileSectionW
GetNumberOfConsoleInputEvents
GetShortPathNameA
GetThreadSelectorEntry
SetVolumeLabelA
GetLogicalDriveStringsW
GetFileInformationByHandle
WriteConsoleOutputCharacterW
WriteProfileStringA
SetThreadContext
advapi32
RegOpenKeyExA
CryptVerifySignatureA
RegQueryValueExW
RegQueryMultipleValuesA
LookupPrivilegeValueW
CryptContextAddRef
RegEnumKeyA
LookupSecurityDescriptorPartsA
CreateServiceA
CryptSetKeyParam
RegEnumKeyExW
CryptGetProvParam
RegEnumValueA
RegReplaceKeyW
RegSetValueExW
ReportEventA
RegOpenKeyExW
RegReplaceKeyA
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyW
StartServiceW
DuplicateTokenEx
CryptSetProviderA
RegEnumValueW
LookupAccountNameW
CryptHashSessionKey
InitiateSystemShutdownA
CryptGetUserKey
CryptDeriveKey
RegCreateKeyA
RegQueryValueW
RegSetValueW
RevertToSelf
ReportEventW
RegDeleteKeyA
InitiateSystemShutdownW
RegSetValueA
RegConnectRegistryA
CryptGetDefaultProviderW
RegCreateKeyExW
RegFlushKey
RegRestoreKeyW
RegQueryValueA
CreateServiceW
CryptReleaseContext
CryptEnumProviderTypesA
LookupAccountSidW
CryptGetDefaultProviderA
CryptCreateHash
AbortSystemShutdownW
LogonUserW
CryptImportKey
RegLoadKeyA
RegQueryValueExA
RegOpenKeyW
RegCreateKeyW
CryptSignHashA
CryptSetProviderExW
CryptDestroyKey
RegDeleteValueA
LogonUserA
CryptGenRandom
CryptSignHashW
CryptGenKey
RegCreateKeyExA
RegDeleteValueW
CryptEnumProvidersW
AbortSystemShutdownA
RegEnumKeyExA
LookupPrivilegeValueA
CryptSetHashParam
LookupPrivilegeDisplayNameA
CryptAcquireContextW
RegSaveKeyW
CryptSetProviderW
CryptEncrypt
DuplicateToken
CryptVerifySignatureW
CryptDuplicateKey
RegQueryMultipleValuesW
LookupAccountSidA
StartServiceA
CryptAcquireContextA
LookupPrivilegeNameW
CryptHashData
CryptEnumProviderTypesW
CryptGetKeyParam
RegLoadKeyW
RegConnectRegistryW
InitializeSecurityDescriptor
LookupPrivilegeDisplayNameW
LookupSecurityDescriptorPartsW
CryptDestroyHash
CryptSetProvParam
comdlg32
PrintDlgW
PageSetupDlgA
GetFileTitleW
ChooseColorW
Sections
.text Size: 138KB - Virtual size: 138KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ