a6906555e3c6d0b372801a86b1a68dc0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a6906555e3c6d0b372801a86b1a68dc0N.exe
Size

1.4MB
MD5

a6906555e3c6d0b372801a86b1a68dc0
SHA1

338ac2fa3e39e5aae041e5fa38db97b819c0fef6
SHA256

272ace4541024d7ce5af4ac97327f016586c8eb3ac3de28fd7b3082b500f65ae
SHA512

08fc01001055f156569c3354447c74b75e7358296485d4c7e0e22f288219a3dcc547d5a64c0cccb2f9b9afc5a0460e89b630ce4cc068d6f6dc3279acbc0ac3e3
SSDEEP

24576:9lFtj2LTHQy5Sk2PlYjboGxZqwijaahIJpX:9ljjGP92PlYvoGxUSJpX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6906555e3c6d0b372801a86b1a68dc0N.exe

Files

a6906555e3c6d0b372801a86b1a68dc0N.exe
.exe windows:5 windows x86 arch:x86

b90673f10d00ca3603bdd6d05970eba3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ICWCONN2.pdb

Imports

advapi32

RegQueryValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegDeleteValueW

c

LocalAlloc
ExitProcess
WriteFile
SetFilePointer
GetCurrentProcessId
GetCurrentThreadId
GetCommandLineW
GlobalFree
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryW
GlobalAlloc
lstrcpynW
lstrcpyW
GetPrivateProfileStringW
GetVersionExW
lstrcmpiW
GetModuleHandleW
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
FindFirstFileW
lstrcatW
CompareStringW
GetFullPathNameW
GetPrivateProfileIntW
CreateSemaphoreW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle
GetCommandLineA
GetVersionExA
GetModuleHandleA
GetStdHandle
GetModuleFileNameA
FreeEnvironmMZ�
�
gram cannot be run in DOS mode. $
mode. $
��j��j��j��c�r�k��c�c�b��c�t�u��j��;��c�d��c�m�|��c�s�k��c�v�k��Richj��
c�r�k��c�c�b��c�t�u��j��;��c�d��c�m�|��c�s�k��c�v�k��Richj��
��c�t�u��j��;��c�d��c�m�|��c�s�k��c�v�k��Richj��
;��c�d��c�m�|��c�s�k��c�v�k��Richj��
m�|��c�s�k��c�v�k��Richj��
��c�v�k��Richj��
chj��

�

@
`
.text
�-
Sleep
LocalFree
lstrcmpW
lstrlenW
GetStartupInfoA

��l�

@

�

ll
DLL.DLL
ER32.dll
vcrt.dll
T32.dll
��L$
PAPI.dll
DLG32.dll
ELL32.dll
.dll
�L�
�L�
�
�
��L�
SHLWAPI.dll

`o��

��

p��

�)��
��

07�x

�
�

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b90673f10d00ca3603bdd6d05970eba3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

c

���l�

�

`o��

p���

07�x

Sections

.text Size: 52KB - Virtual size: 48KB

.data Size: 4KB - Virtual size: 15KB

.rsrc Size: 24KB - Virtual size: 20KB

��l�

�

`o��

p��

.text
Size: 52KB - Virtual size: 48KB

.data
Size: 4KB - Virtual size: 15KB

.rsrc
Size: 24KB - Virtual size: 20KB