20126f64aeeed4db2ce8d56aa217d9c1d81644c0884f6abb020f2ec1c06967d0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

20126f64aeeed4db2ce8d56aa217d9c1d81644c0884f6abb020f2ec1c06967d0.exe
Size

77KB
MD5

117745f70f41b9c22af6dbd96ff20428
SHA1

7a6b1ee57a6353a71bfb5021b98fec67d3ceb86e
SHA256

20126f64aeeed4db2ce8d56aa217d9c1d81644c0884f6abb020f2ec1c06967d0
SHA512

2be5a0b1c3742161735a2b13b4e8b424b6e5d2811eb960e0d91e11aec0788c07403966090d583dd364cdcd98029efa1980f3a8b34c75b15045751e4d84ba159e
SSDEEP

768:HrpRjzGFVyi9WCLNluuPv3bedbHHlar7JNSmzeFAbXJ7JRVSvzd9p:HmdLPb2bHHcFNSAeF377p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20126f64aeeed4db2ce8d56aa217d9c1d81644c0884f6abb020f2ec1c06967d0.exe

Files

20126f64aeeed4db2ce8d56aa217d9c1d81644c0884f6abb020f2ec1c06967d0.exe
.dll windows:6 windows x64 arch:x64

579f52f57e43aa6ff0d07e88af5d0ff5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

nsi.pdb

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
NtTerminateProcess
RtlNtStatusToDosError
NtWaitForSingleObject
NtDeviceIoControlFile
memset

api-ms-win-core-errorhandling-l1-1-0

GetLastError

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

CreateEventA

Exports

Exports

NsiAllocateAndGetPersistentDataWithMaskTable
NsiAllocateAndGetTable
NsiCancelChangeNotification
NsiDeregisterChangeNotification
NsiDeregisterChangeNotificationEx
NsiEnumerateObjectsAllParameters
NsiEnumerateObjectsAllParametersEx
NsiEnumerateObjectsAllPersistentParametersWithMask
NsiFreePersistentDataWithMaskTable
NsiFreeTable
NsiGetAllParameters
NsiGetAllParametersEx
NsiGetAllPersistentParametersWithMask
NsiGetObjectSecurity
NsiGetParameter
NsiGetParameterEx
NsiRegisterChangeNotification
NsiRegisterChangeNotificationEx
NsiRequestChangeNotification
NsiRequestChangeNotificationEx
NsiSetAllParameters
NsiSetAllParametersEx
NsiSetAllPersistentParametersWithMask
NsiSetObjectSecurity
NsiSetParameter
NsiSetParameterEx

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE

�{
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

579f52f57e43aa6ff0d07e88af5d0ff5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-synch-l1-1-0

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 528B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 12B

�{ Size: 64KB - Virtual size: 64KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 528B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 12B

�{
Size: 64KB - Virtual size: 64KB