46bc015ab11605da099d0a56dfd24d80N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

46bc015ab11605da099d0a56dfd24d80N.exe
Size

202KB
MD5

46bc015ab11605da099d0a56dfd24d80
SHA1

0e8460b7566f670e49eaa9d81f258e8d64becf6a
SHA256

4ceda4b8349bd828280a02abc20a0831a331ff78c1e85f0446c5f0c3dc83ece3
SHA512

920b7b7df4bce7a08587a45a41efeae30a19c47f396e02a061dbf7a79c1a366a69f7c9a8e8ac34951734de01940044579d76cf54a8b935f920df1e70b6355ca4
SSDEEP

6144:1/DJqlH2lzQ4uidU1T0MMCNEt6bmHFkYbvq/sfAQ0Qh:17wlH2lzpuidU1wlCNEplvbvq/sYF8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46bc015ab11605da099d0a56dfd24d80N.exe

Files

46bc015ab11605da099d0a56dfd24d80N.exe
.exe windows:4 windows x86 arch:x86

a4801f47200e684d30d217a706e60905

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libgnutls-30

gnutls_alert_get
gnutls_alert_get_name
gnutls_alert_send
gnutls_alert_send_appropriate
gnutls_alpn_get_selected_protocol
gnutls_alpn_set_protocols
gnutls_anon_allocate_server_credentials
gnutls_anon_set_server_known_dh_params
gnutls_anon_set_server_params_function
gnutls_anti_replay_enable
gnutls_anti_replay_init
gnutls_anti_replay_set_add_function
gnutls_anti_replay_set_ptr
gnutls_auth_get_type
gnutls_bye
gnutls_certificate_allocate_credentials
gnutls_certificate_client_get_request_status
gnutls_certificate_get_ours
gnutls_certificate_get_peers
gnutls_certificate_server_set_request
gnutls_certificate_set_flags
gnutls_certificate_set_known_dh_params
gnutls_certificate_set_ocsp_status_request_file
gnutls_certificate_set_params_function
gnutls_certificate_set_rawpk_key_file
gnutls_certificate_set_verify_function
gnutls_certificate_set_x509_crl_file
gnutls_certificate_set_x509_key_file
gnutls_certificate_set_x509_trust_file
gnutls_certificate_type_get
gnutls_certificate_type_get2
gnutls_certificate_type_get_name
gnutls_certificate_type_list
gnutls_certificate_verification_status_print
gnutls_certificate_verify_peers
gnutls_cipher_get
gnutls_cipher_get_name
gnutls_cipher_list
gnutls_cipher_suite_get_name
gnutls_cipher_suite_info
gnutls_compress_certificate_set_methods
gnutls_compression_get
gnutls_compression_get_id
gnutls_compression_get_name
gnutls_compression_list
gnutls_credentials_set
gnutls_db_check_entry_expire_time
gnutls_db_set_ptr
gnutls_db_set_remove_function
gnutls_db_set_retrieve_function
gnutls_db_set_store_function
gnutls_deinit
gnutls_dh_get_group
gnutls_dh_get_peers_public_bits
gnutls_dh_get_prime_bits
gnutls_dh_get_secret_bits
gnutls_dh_params_deinit
gnutls_dh_params_export_pkcs3
gnutls_dh_params_generate2
gnutls_dh_params_import_pkcs3
gnutls_dh_params_import_raw
gnutls_dh_params_init
gnutls_digest_get_name
gnutls_digest_list
gnutls_dtls_cookie_send
gnutls_dtls_cookie_verify
gnutls_dtls_prestate_set
gnutls_dtls_set_mtu
gnutls_ecc_curve_get
gnutls_ecc_curve_get_name
gnutls_ecc_curve_get_size
gnutls_error_is_fatal
gnutls_free
gnutls_global_init
gnutls_global_set_audit_log_function
gnutls_global_set_log_function
gnutls_global_set_log_level
gnutls_global_set_time_function
gnutls_group_get
gnutls_group_get_name
gnutls_group_list
gnutls_handshake
gnutls_handshake_set_post_client_hello_function
gnutls_handshake_set_private_extensions
gnutls_handshake_set_timeout
gnutls_heartbeat_enable
gnutls_heartbeat_ping
gnutls_heartbeat_pong
gnutls_hex_encode2
gnutls_init
gnutls_key_generate
gnutls_kx_get
gnutls_kx_get_name
gnutls_kx_list
gnutls_load_file
gnutls_mac_get
gnutls_mac_get_name
gnutls_mac_list
gnutls_malloc
gnutls_memset
gnutls_ocsp_status_request_is_checked
gnutls_pcert_deinit
gnutls_pcert_import_rawpk_raw
gnutls_pem_base64_encode
gnutls_pk_algorithm_get_name
gnutls_pk_list
gnutls_pkcs11_add_provider
gnutls_pkcs11_init
gnutls_pkcs11_set_pin_function
gnutls_pkcs11_set_token_function
gnutls_prf_rfc5705
gnutls_priority_cipher_list
gnutls_priority_deinit
gnutls_priority_get_cipher_suite_index
gnutls_priority_group_list
gnutls_priority_init
gnutls_priority_kx_list
gnutls_priority_mac_list
gnutls_priority_protocol_list
gnutls_priority_set_direct
gnutls_priority_sign_list
gnutls_protocol_get_name
gnutls_protocol_get_version
gnutls_protocol_list
gnutls_psk_allocate_server_credentials
gnutls_psk_client_get_hint
gnutls_psk_server_get_username
gnutls_psk_server_get_username2
gnutls_psk_set_server_credentials_file
gnutls_psk_set_server_credentials_hint
gnutls_psk_set_server_known_dh_params
gnutls_psk_set_server_params_function
gnutls_pubkey_export2
gnutls_pubkey_get_pk_algorithm
gnutls_reauth
gnutls_record_recv
gnutls_record_recv_early_data
gnutls_record_recv_seq
gnutls_record_send
gnutls_record_set_max_early_data_size
gnutls_record_set_max_recv_size
gnutls_rehandshake
gnutls_safe_renegotiation_status
gnutls_sec_param_to_pk_bits
gnutls_server_name_get
gnutls_session_channel_binding
gnutls_session_etm_status
gnutls_session_ext_master_secret_status
gnutls_session_get_desc
gnutls_session_get_id
gnutls_session_get_ptr
gnutls_session_is_resumed
gnutls_session_set_ptr
gnutls_session_ticket_enable_server
gnutls_session_ticket_key_generate
gnutls_set_default_priority
gnutls_sign_algorithm_get
gnutls_sign_algorithm_get_client
gnutls_sign_get_name
gnutls_sign_list
gnutls_srtp_get_profile_name
gnutls_srtp_get_selected_profile
gnutls_srtp_set_profile_direct
gnutls_strerror
gnutls_transport_is_ktls_enabled
gnutls_transport_set_errno
gnutls_transport_set_int2
gnutls_transport_set_ptr
gnutls_transport_set_pull_function
gnutls_transport_set_pull_timeout_function
gnutls_transport_set_push_function
gnutls_x509_crt_deinit
gnutls_x509_crt_export2
gnutls_x509_crt_import
gnutls_x509_crt_init
gnutls_x509_crt_print

kernel32

CloseHandle
CreateEventA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FormatMessageW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetEnvironmentVariableW
GetFileInformationByHandle
GetFileType
GetFinalPathNameByHandleA
GetHandleInformation
GetLastError
GetModuleHandleA
GetModuleHandleW
GetNumberOfConsoleInputEvents
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
PeekConsoleInputA
PeekNamedPipe
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__getmainargs
__initenv
__mb_cur_max
__p___argv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_assert
_cexit
_close
_dup2
_environ
_errno
_fdopen
_fileno
_get_osfhandle
_getch
_getmaxstdio
_initterm
_iob
_lock
_onexit
_open
_open_osfhandle
_putenv
_setmaxstdio
_setmode
_stricmp
_tzset
_unlock
abort
atoi
calloc
clock
exit
fclose
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fwrite
getenv
localeconv
malloc
memcmp
memcpy
memset
localtime
gmtime
perror
putc
realloc
setlocale
signal
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strspn
strstr
strtol
vfprintf
time
wcslen
wcstombs
_tzname
_write

libwinpthread-1

clock_gettime

user32

DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage

ws2_32

WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSASocketW
WSAStartup
accept
bind
closesocket
freeaddrinfo
getaddrinfo
getnameinfo
getpeername
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4801f47200e684d30d217a706e60905

Headers

DLL Characteristics

File Characteristics

Imports

libgnutls-30

kernel32

msvcrt

libwinpthread-1

user32

ws2_32

Sections

.text Size: 130KB - Virtual size: 129KB

.data Size: 512B - Virtual size: 140B

.rdata Size: 31KB - Virtual size: 31KB

/4 Size: 19KB - Virtual size: 18KB

.bss Size: - Virtual size: 9KB

.idata Size: 11KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 130KB - Virtual size: 129KB

.data
Size: 512B - Virtual size: 140B

.rdata
Size: 31KB - Virtual size: 31KB

/4
Size: 19KB - Virtual size: 18KB

.bss
Size: - Virtual size: 9KB

.idata
Size: 11KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 8KB - Virtual size: 7KB