6bbb792061ef218af9c519090abdf400N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6bbb792061ef218af9c519090abdf400N.exe
Size

278KB
MD5

6bbb792061ef218af9c519090abdf400
SHA1

373e9c46576fd5f5509925e2e26bc8200915d583
SHA256

6fad2e8ce9881b1f58e2ea491c41b3e871f7317db2fcfd9c07d978dbda2c5621
SHA512

f51b28b9afc0c09c66999c22d65b95b5128ac6c8903eac4339a722326b9fb3bf28d6f09bda4e1e16e78e1708a39a40b0af2cc41e933edfd5ad27f9bbc15fea3a
SSDEEP

6144:ZGPXvDzAcH0eDFbMJhWFR00AsgXUvH/DkkEilQ2GWw:Zwf3FR0vsUUvH/s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6bbb792061ef218af9c519090abdf400N.exe

Files

6bbb792061ef218af9c519090abdf400N.exe
.exe windows:4 windows x86 arch:x86

c5c463ae014f541a0087754d8f52daeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libgnutls-30

gnutls_alpn_get_selected_protocol
gnutls_auth_get_type
gnutls_certificate_client_get_request_status
gnutls_certificate_get_ours
gnutls_certificate_get_peers
gnutls_certificate_server_set_request
gnutls_certificate_type_get
gnutls_certificate_type_get2
gnutls_certificate_type_get_name
gnutls_certificate_type_list
gnutls_certificate_verification_profile_get_id
gnutls_certificate_verification_status_print
gnutls_certificate_verify_peers
gnutls_cipher_get
gnutls_cipher_get_name
gnutls_cipher_list
gnutls_cipher_suite_info
gnutls_compress_certificate_set_methods
gnutls_compression_get_id
gnutls_compression_get_name
gnutls_compression_list
gnutls_dh_get_group
gnutls_dh_get_peers_public_bits
gnutls_dh_get_prime_bits
gnutls_dh_get_secret_bits
gnutls_dh_params_deinit
gnutls_dh_params_export_pkcs3
gnutls_dh_params_export_raw
gnutls_dh_params_generate2
gnutls_dh_params_import_dsa
gnutls_dh_params_import_pkcs3
gnutls_dh_params_import_raw
gnutls_dh_params_import_raw2
gnutls_dh_params_init
gnutls_digest_get_id
gnutls_digest_get_name
gnutls_digest_list
gnutls_ecc_curve_get
gnutls_ecc_curve_get_name
gnutls_ecc_curve_get_size
gnutls_ecc_curve_list
gnutls_ffdhe_2048_group_generator
gnutls_ffdhe_2048_group_prime
gnutls_ffdhe_2048_key_bits
gnutls_ffdhe_3072_group_generator
gnutls_ffdhe_3072_group_prime
gnutls_ffdhe_3072_key_bits
gnutls_ffdhe_4096_group_generator
gnutls_ffdhe_4096_group_prime
gnutls_ffdhe_4096_key_bits
gnutls_ffdhe_6144_group_generator
gnutls_ffdhe_6144_group_prime
gnutls_ffdhe_6144_key_bits
gnutls_ffdhe_8192_group_generator
gnutls_ffdhe_8192_group_prime
gnutls_ffdhe_8192_key_bits
gnutls_free
gnutls_global_deinit
gnutls_global_init
gnutls_global_set_log_function
gnutls_global_set_log_level
gnutls_global_set_time_function
gnutls_gost_paramset_get_name
gnutls_group_get
gnutls_group_get_name
gnutls_group_list
gnutls_hash_get_len
gnutls_heartbeat_ping
gnutls_hex2bin
gnutls_hex_decode
gnutls_hex_decode2
gnutls_hex_encode
gnutls_hex_encode2
gnutls_kx_get
gnutls_kx_get_name
gnutls_kx_list
gnutls_load_file
gnutls_mac_get
gnutls_mac_get_name
gnutls_mac_list
gnutls_malloc
gnutls_memset
gnutls_ocsp_status_request_is_checked
gnutls_pcert_deinit
gnutls_pcert_import_rawpk_raw
gnutls_pem_base64_encode
gnutls_pem_base64_encode2
gnutls_pk_algorithm_get_name
gnutls_pk_bits_to_sec_param
gnutls_pk_get_name
gnutls_pk_list
gnutls_pkcs11_add_provider
gnutls_pkcs11_deinit
gnutls_pkcs11_init
gnutls_pkcs11_set_pin_function
gnutls_pkcs11_set_token_function
gnutls_pkcs12_bag_decrypt
gnutls_pkcs12_bag_deinit
gnutls_pkcs12_bag_enc_info
gnutls_pkcs12_bag_encrypt
gnutls_pkcs12_bag_get_count
gnutls_pkcs12_bag_get_data
gnutls_pkcs12_bag_get_friendly_name
gnutls_pkcs12_bag_get_key_id
gnutls_pkcs12_bag_get_type
gnutls_pkcs12_bag_init
gnutls_pkcs12_bag_set_crl
gnutls_pkcs12_bag_set_crt
gnutls_pkcs12_bag_set_data
gnutls_pkcs12_bag_set_friendly_name
gnutls_pkcs12_bag_set_key_id
gnutls_pkcs12_deinit
gnutls_pkcs12_export
gnutls_pkcs12_generate_mac3
gnutls_pkcs12_get_bag
gnutls_pkcs12_import
gnutls_pkcs12_init
gnutls_pkcs12_mac_info
gnutls_pkcs12_set_bag
gnutls_pkcs12_verify_mac
gnutls_pkcs7_deinit
gnutls_pkcs7_export
gnutls_pkcs7_export2
gnutls_pkcs7_get_embedded_data
gnutls_pkcs7_get_embedded_data_oid
gnutls_pkcs7_get_signature_info
gnutls_pkcs7_import
gnutls_pkcs7_init
gnutls_pkcs7_print
gnutls_pkcs7_print_signature_info
gnutls_pkcs7_set_crl
gnutls_pkcs7_set_crt
gnutls_pkcs7_sign
gnutls_pkcs7_signature_info_deinit
gnutls_pkcs7_verify
gnutls_pkcs7_verify_direct
gnutls_pkcs8_info
gnutls_pkcs_schema_get_name
gnutls_pkcs_schema_get_oid
gnutls_prf_rfc5705
gnutls_priority_cipher_list
gnutls_priority_deinit
gnutls_priority_get_cipher_suite_index
gnutls_priority_group_list
gnutls_priority_init
gnutls_priority_kx_list
gnutls_priority_mac_list
gnutls_priority_protocol_list
gnutls_priority_sign_list
gnutls_privkey_deinit
gnutls_privkey_get_spki
gnutls_privkey_import_url
gnutls_privkey_import_x509
gnutls_privkey_import_x509_raw
gnutls_privkey_init
gnutls_privkey_verify_seed
gnutls_protocol_get_name
gnutls_protocol_get_version
gnutls_protocol_list
gnutls_psk_client_get_hint
gnutls_psk_server_get_username2
gnutls_pubkey_deinit
gnutls_pubkey_export
gnutls_pubkey_export2
gnutls_pubkey_get_key_id
gnutls_pubkey_get_pk_algorithm
gnutls_pubkey_get_preferred_hash_algorithm
gnutls_pubkey_import
gnutls_pubkey_import_privkey
gnutls_pubkey_import_url
gnutls_pubkey_import_x509
gnutls_pubkey_import_x509_crq
gnutls_pubkey_import_x509_raw
gnutls_pubkey_init
gnutls_pubkey_print
gnutls_reauth
gnutls_rehandshake
gnutls_rnd
gnutls_safe_renegotiation_status
gnutls_sec_param_get_name
gnutls_sec_param_to_pk_bits
gnutls_server_name_get
gnutls_session_channel_binding
gnutls_session_etm_status
gnutls_session_ext_master_secret_status
gnutls_session_get_desc
gnutls_session_get_id
gnutls_sign_algorithm_get
gnutls_sign_algorithm_get_client
gnutls_sign_get_name
gnutls_sign_list
gnutls_srtp_get_profile_name
gnutls_srtp_get_selected_profile
gnutls_strdup
gnutls_strerror
gnutls_transport_is_ktls_enabled
gnutls_url_is_supported
gnutls_x509_cidr_to_rfc5280
gnutls_x509_crl_deinit
gnutls_x509_crl_export2
gnutls_x509_crl_get_issuer_dn3
gnutls_x509_crl_get_number
gnutls_x509_crl_import
gnutls_x509_crl_init
gnutls_x509_crl_list_import2
gnutls_x509_crl_print
gnutls_x509_crl_privkey_sign
gnutls_x509_crl_set_authority_key_id
gnutls_x509_crl_set_crt
gnutls_x509_crl_set_next_update
gnutls_x509_crl_set_number
gnutls_x509_crl_set_this_update
gnutls_x509_crl_set_version
gnutls_x509_crl_verify
gnutls_x509_crq_deinit
gnutls_x509_crq_export
gnutls_x509_crq_import
gnutls_x509_crq_init
gnutls_x509_crq_print
gnutls_x509_crq_privkey_sign
gnutls_x509_crq_set_basic_constraints
gnutls_x509_crq_set_challenge_password
gnutls_x509_crq_set_dn
gnutls_x509_crq_set_dn_by_oid
gnutls_x509_crq_set_extension_by_oid
gnutls_x509_crq_set_key_purpose_oid
gnutls_x509_crq_set_key_usage
gnutls_x509_crq_set_pubkey
gnutls_x509_crq_set_subject_alt_name
gnutls_x509_crq_set_subject_alt_othername
gnutls_x509_crq_set_tlsfeatures
gnutls_x509_crq_verify
gnutls_x509_crt_check_key_purpose
gnutls_x509_crt_deinit
gnutls_x509_crt_export2
gnutls_x509_crt_get_dn3
gnutls_x509_crt_get_expiration_time
gnutls_x509_crt_get_fingerprint
gnutls_x509_crt_get_issuer_dn3
gnutls_x509_crt_get_key_id
gnutls_x509_crt_get_pk_algorithm
gnutls_x509_crt_get_signature_algorithm
gnutls_x509_crt_get_signature_oid
gnutls_x509_crt_get_subject_key_id
gnutls_x509_crt_import
gnutls_x509_crt_import_url
gnutls_x509_crt_init
gnutls_x509_crt_list_import
gnutls_x509_crt_list_import2
gnutls_x509_crt_print
gnutls_x509_crt_privkey_sign
gnutls_x509_crt_set_activation_time
gnutls_x509_crt_set_authority_info_access
gnutls_x509_crt_set_authority_key_id
gnutls_x509_crt_set_basic_constraints
gnutls_x509_crt_set_crl_dist_points
gnutls_x509_crt_set_crq
gnutls_x509_crt_set_crq_extension_by_oid
gnutls_x509_crt_set_crq_extensions
gnutls_x509_crt_set_dn
gnutls_x509_crt_set_dn_by_oid
gnutls_x509_crt_set_expiration_time
gnutls_x509_crt_set_extension_by_oid
gnutls_x509_crt_set_inhibit_anypolicy
gnutls_x509_crt_set_issuer_unique_id
gnutls_x509_crt_set_key_purpose_oid
gnutls_x509_crt_set_key_usage
gnutls_x509_crt_set_name_constraints
gnutls_x509_crt_set_policy
gnutls_x509_crt_set_proxy
gnutls_x509_crt_set_proxy_dn
gnutls_x509_crt_set_pubkey
gnutls_x509_crt_set_serial
gnutls_x509_crt_set_spki
gnutls_x509_crt_set_subject_alt_name
gnutls_x509_crt_set_subject_alt_othername
gnutls_x509_crt_set_subject_key_id
gnutls_x509_crt_set_subject_unique_id
gnutls_x509_crt_set_tlsfeatures
gnutls_x509_crt_set_version
gnutls_x509_name_constraints_add_excluded
gnutls_x509_name_constraints_add_permitted
gnutls_x509_name_constraints_deinit
gnutls_x509_name_constraints_init
gnutls_x509_privkey_deinit
gnutls_x509_privkey_export
gnutls_x509_privkey_export2
gnutls_x509_privkey_export_dsa_raw
gnutls_x509_privkey_export_ecc_raw
gnutls_x509_privkey_export_gost_raw
gnutls_x509_privkey_export_pkcs8
gnutls_x509_privkey_export_rsa_raw2
gnutls_x509_privkey_generate
gnutls_x509_privkey_generate2
gnutls_x509_privkey_get_key_id
gnutls_x509_privkey_get_pk_algorithm
gnutls_x509_privkey_get_pk_algorithm2
gnutls_x509_privkey_get_seed
gnutls_x509_privkey_get_spki
gnutls_x509_privkey_import
gnutls_x509_privkey_import2
gnutls_x509_privkey_import_pkcs8
gnutls_x509_privkey_init
gnutls_x509_privkey_sec_param
gnutls_x509_privkey_set_flags
gnutls_x509_privkey_verify_params
gnutls_x509_spki_deinit
gnutls_x509_spki_get_rsa_oaep_params
gnutls_x509_spki_get_rsa_pss_params
gnutls_x509_spki_init
gnutls_x509_spki_set_rsa_oaep_params
gnutls_x509_spki_set_rsa_pss_params
gnutls_x509_tlsfeatures_add
gnutls_x509_tlsfeatures_deinit
gnutls_x509_tlsfeatures_init
gnutls_x509_trust_list_add_cas
gnutls_x509_trust_list_add_crls
gnutls_x509_trust_list_add_system_trust
gnutls_x509_trust_list_add_trust_file
gnutls_x509_trust_list_deinit
gnutls_x509_trust_list_init
gnutls_x509_trust_list_verify_crt
gnutls_x509_trust_list_verify_crt2

kernel32

CloseHandle
CreateFileA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileA
FreeLibrary
GetCurrentProcess
GetEnvironmentVariableW
GetFileInformationByHandle
GetFileType
GetFinalPathNameByHandleA
GetHandleInformation
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
PeekNamedPipe
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__getmainargs
__initenv
__mb_cur_max
__p___argv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_assert
_cexit
_close
_dup2
_environ
_errno
_fdopen
_fileno
_get_osfhandle
_getch
_getmaxstdio
_initterm
_iob
_lock
_onexit
_open
_open_osfhandle
_putenv
_setmaxstdio
_setmode
_stricmp
_strnicmp
_tzset
_umask
_unlock
abort
atoi
calloc
exit
fclose
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
getenv
localeconv
malloc
memchr
memcmp
memcpy
memset
localtime
gmtime
perror
putc
realloc
remove
setlocale
setvbuf
signal
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strspn
strstr
strtok
strtol
strtoul
vfprintf
wcslen
wcstombs
_strtoi64
_tzname
_write

libwinpthread-1

clock_gettime

libtasn1-6

asn1_encode_simple_der
asn1_strerror

ws2_32

WSAStartup
inet_pton

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5c463ae014f541a0087754d8f52daeb

Headers

DLL Characteristics

File Characteristics

Imports

libgnutls-30

kernel32

msvcrt

libwinpthread-1

libtasn1-6

ws2_32

Sections

.text Size: 178KB - Virtual size: 177KB

.data Size: 1024B - Virtual size: 1020B

.rdata Size: 48KB - Virtual size: 47KB

/4 Size: 22KB - Virtual size: 21KB

.bss Size: - Virtual size: 9KB

.idata Size: 17KB - Virtual size: 16KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 178KB - Virtual size: 177KB

.data
Size: 1024B - Virtual size: 1020B

.rdata
Size: 48KB - Virtual size: 47KB

/4
Size: 22KB - Virtual size: 21KB

.bss
Size: - Virtual size: 9KB

.idata
Size: 17KB - Virtual size: 16KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 10KB - Virtual size: 10KB