6a4b020df814d4735fad1870ca7b8ed0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6a4b020df814d4735fad1870ca7b8ed0N.exe
Size

216KB
MD5

6a4b020df814d4735fad1870ca7b8ed0
SHA1

bd47e6c35553102cb913d2f873a9494fb22b5d60
SHA256

c83f17a14f5233480aa389d4c716d0a354ac4e13da8e5c417d48731a5454a89f
SHA512

b14d73e16547d5fe7362138efe32436f7f6ebb64e098b433b3c2cff7390afcf6ef431d5648c7a5c77494d8b321f49c0d91cb0276e7b474d3f449ae89452da1a4
SSDEEP

6144:7FyYoNKHe/XnKZT2Xkck03xLohXihp6v1SuYc:obD9onvsuYc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a4b020df814d4735fad1870ca7b8ed0N.exe

Files

6a4b020df814d4735fad1870ca7b8ed0N.exe
.dll windows:10 windows x86 arch:x86

9836f7007d8f7a0ba834ba656a61440d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

OpenCL.pdb

Imports

msvcp_win

?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z
??0?$codecvt@GDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@GDU_Mbstatet@@@std@@MAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPBD@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o___stdio_common_vswprintf
_o__callnewh
_o__cexit
_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
memmove
_o___stdio_common_vsnprintf_s
_o_free
_o_malloc
_o_wcscat_s
_o_wcscpy_s
_o_wcstombs_s
_except_handler4_common
_CxxThrowException
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strchr
memcmp
__std_terminate
__CxxFrameHandler3
memcpy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls
GetModuleHandleExW

api-ms-win-core-registry-l1-1-0

RegEnumValueA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-security-base-l1-1-0

GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
OpenProcessToken
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-devices-config-l1-1-1

CM_Get_Device_ID_ListW
CM_Get_Child
CM_Get_DevNode_PropertyW
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeW
CM_Open_DevNode_Key
CM_Get_Sibling
CM_Get_Device_IDW
CM_Get_DevNode_Status

api-ms-win-core-com-l1-1-0

StringFromGUID2

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
EnterCriticalSection
AcquireSRWLockShared
CreateMutexExW
LeaveCriticalSection
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
ReleaseSemaphore
ReleaseSRWLockShared
ReleaseMutex

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoActivateInstance
RoInitialize

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

clBuildProgram
clCloneKernel
clCompileProgram
clCreateBuffer
clCreateBufferWithProperties
clCreateCommandQueue
clCreateCommandQueueWithProperties
clCreateContext
clCreateContextFromType
clCreateFromGLBuffer
clCreateFromGLRenderbuffer
clCreateFromGLTexture
clCreateFromGLTexture2D
clCreateFromGLTexture3D
clCreateImage
clCreateImage2D
clCreateImage3D
clCreateImageWithProperties
clCreateKernel
clCreateKernelsInProgram
clCreatePipe
clCreateProgramWithBinary
clCreateProgramWithBuiltInKernels
clCreateProgramWithIL
clCreateProgramWithSource
clCreateSampler
clCreateSamplerWithProperties
clCreateSubBuffer
clCreateSubDevices
clCreateUserEvent
clEnqueueAcquireGLObjects
clEnqueueBarrier
clEnqueueBarrierWithWaitList
clEnqueueCopyBuffer
clEnqueueCopyBufferRect
clEnqueueCopyBufferToImage
clEnqueueCopyImage
clEnqueueCopyImageToBuffer
clEnqueueFillBuffer
clEnqueueFillImage
clEnqueueMapBuffer
clEnqueueMapImage
clEnqueueMarker
clEnqueueMarkerWithWaitList
clEnqueueMigrateMemObjects
clEnqueueNDRangeKernel
clEnqueueNativeKernel
clEnqueueReadBuffer
clEnqueueReadBufferRect
clEnqueueReadImage
clEnqueueReleaseGLObjects
clEnqueueSVMFree
clEnqueueSVMMap
clEnqueueSVMMemFill
clEnqueueSVMMemcpy
clEnqueueSVMMigrateMem
clEnqueueSVMUnmap
clEnqueueTask
clEnqueueUnmapMemObject
clEnqueueWaitForEvents
clEnqueueWriteBuffer
clEnqueueWriteBufferRect
clEnqueueWriteImage
clFinish
clFlush
clGetCommandQueueInfo
clGetContextInfo
clGetDeviceAndHostTimer
clGetDeviceIDs
clGetDeviceInfo
clGetEventInfo
clGetEventProfilingInfo
clGetExtensionFunctionAddress
clGetExtensionFunctionAddressForPlatform
clGetGLObjectInfo
clGetGLTextureInfo
clGetHostTimer
clGetImageInfo
clGetKernelArgInfo
clGetKernelInfo
clGetKernelSubGroupInfo
clGetKernelWorkGroupInfo
clGetMemObjectInfo
clGetPipeInfo
clGetPlatformIDs
clGetPlatformInfo
clGetProgramBuildInfo
clGetProgramInfo
clGetSamplerInfo
clGetSupportedImageFormats
clLinkProgram
clReleaseCommandQueue
clReleaseContext
clReleaseDevice
clReleaseEvent
clReleaseKernel
clReleaseMemObject
clReleaseProgram
clReleaseSampler
clRetainCommandQueue
clRetainContext
clRetainDevice
clRetainEvent
clRetainKernel
clRetainMemObject
clRetainProgram
clRetainSampler
clSVMAlloc
clSVMFree
clSetCommandQueueProperty
clSetContextDestructorCallback
clSetDefaultDeviceCommandQueue
clSetEventCallback
clSetKernelArg
clSetKernelArgSVMPointer
clSetKernelExecInfo
clSetMemObjectDestructorCallback
clSetProgramReleaseCallback
clSetProgramSpecializationConstant
clSetUserEventStatus
clUnloadCompiler
clUnloadPlatformCompiler
clWaitForEvents

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9836f7007d8f7a0ba834ba656a61440d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-com-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 143KB - Virtual size: 143KB

.text
Size: 64KB - Virtual size: 63KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 143KB - Virtual size: 143KB