62cdbaaa5195922c7b15b174a5bfa650N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

62cdbaaa5195922c7b15b174a5bfa650N.exe
Size

3.1MB
MD5

62cdbaaa5195922c7b15b174a5bfa650
SHA1

2f5c84f62ea39fafa0cabc2eaf37eb6136dfa1a9
SHA256

d72e5a0034be64c079e02177360f7db46692ad3d9a37c3ad9330355aaf50f311
SHA512

b5971b41c896393fa2fbb19988cc0c7cb4e9706683454c81cd1a3c8e38ba258298b2f433a742ae72d5cd5c60a941ac37f04496a39e23e767895c687b7a412a5d
SSDEEP

98304:8yM1ZNxlfQqZa6MI1QR42nMMxMola8MMMMgYuLuNNUMMMMMM:ZM1ZNx+qj1A4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62cdbaaa5195922c7b15b174a5bfa650N.exe

Files

62cdbaaa5195922c7b15b174a5bfa650N.exe
.exe windows:5 windows x86 arch:x86

f94af0ac6c111f8df4406885aced2b1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegSetValueExW

kernel32

GetCurrentProcessId
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

version

GetFileVersionInfoW

winspool.drv

ord203

comctl32

FlatSB_GetScrollPos

gdi32

SelectPalette

msimg32

AlphaBlend

user32

LoadCursorW

ole32

OleInitialize

oleaut32

SafeArrayGetLBound

Exports

Exports

@@Unit1@Finalize
@@Unit1@Initialize
_Form1
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f94af0ac6c111f8df4406885aced2b1d

Headers

File Characteristics

Imports

advapi32

kernel32

version

winspool.drv

comctl32

gdi32

msimg32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: - Virtual size: 1.2MB

.data Size: - Virtual size: 92KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: - Virtual size: 4KB

.idata Size: - Virtual size: 12KB

.didata Size: - Virtual size: 4KB

.edata Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 2.4MB

.vmp1 Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 512B - Virtual size: 252B

.rsrc Size: 351KB - Virtual size: 351KB

.text
Size: - Virtual size: 1.2MB

.data
Size: - Virtual size: 92KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: - Virtual size: 4KB

.idata
Size: - Virtual size: 12KB

.didata
Size: - Virtual size: 4KB

.edata
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 2.4MB

.vmp1
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 512B - Virtual size: 252B

.rsrc
Size: 351KB - Virtual size: 351KB