b48Bgeco4hXV0EUw[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b48Bgeco4hXV0EUw.exe
Size

12.5MB
MD5

6dcafe205c42486ea9100ecc7b783e19
SHA1

a0e9937036cdbaa7a928418c67a11cd2cdc48842
SHA256

e3b7264fa3bf1b63853726decbf86bbabb7704359b4bee9639120e6929e10def
SHA512

8385cbd582cc4fef9cdbbcdb66411c4c42f32405945fdf215bb6cf2f943425f969f00ece0a2eb92153672839e5bfb61dd59ead5089c54444fb2c26881b778a0c
SSDEEP

196608:ugDy7lLb2gpkYaFlBN+46/e8wS93L55Pd0tSHWt0Z6bd1p6ArTmRUb:ugy32gGFlz+4meTS9WWY0iJeU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b48Bgeco4hXV0EUw.exe

Files

b48Bgeco4hXV0EUw.exe
.exe windows:6 windows x64 arch:x64

Password: infected

1950080942d2c2c2f25f001f7a51205a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

VerSetConditionMask

kernel32

SetLastError
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

CloseClipboard

advapi32

SystemFunction036

msvcp140

?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception

api-ms-win-crt-runtime-l1-1-0

_errno

api-ms-win-crt-stdio-l1-1-0

fputc

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-filesystem-l1-1-0

_wstat64

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-time-l1-1-0

strftime

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

ws2_32

WSAIoctl

crypt32

PFXImportCertStore

Sections

.text
Size: - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.grh0
Size: - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.grh1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.grh2
Size: 12.5MB - Virtual size: 12.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

1950080942d2c2c2f25f001f7a51205a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

msvcp140

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

ws2_32

crypt32

Sections

.text Size: - Virtual size: 557KB

.rdata Size: - Virtual size: 164KB

.data Size: - Virtual size: 7KB

.pdata Size: - Virtual size: 23KB

.grh0 Size: - Virtual size: 7.3MB

.grh1 Size: 4KB - Virtual size: 4KB

.grh2 Size: 12.5MB - Virtual size: 12.5MB

.reloc Size: 512B - Virtual size: 296B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 557KB

.rdata
Size: - Virtual size: 164KB

.data
Size: - Virtual size: 7KB

.pdata
Size: - Virtual size: 23KB

.grh0
Size: - Virtual size: 7.3MB

.grh1
Size: 4KB - Virtual size: 4KB

.grh2
Size: 12.5MB - Virtual size: 12.5MB

.reloc
Size: 512B - Virtual size: 296B

.rsrc
Size: 512B - Virtual size: 469B