EHNLBFILGINHBAKADHED[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EHNLBFILGINHBAKADHED.exe
Size

21.9MB
MD5

53f7f949861e79d8fbef4f11af3a06ed
SHA1

b99df0abeb8c645db6b890cc1754846e874d396d
SHA256

4bcf32c3b4535733b19a6eab0a88880dc79973f5313e7895495e01dbaad0a7fe
SHA512

5344eec941a02b65b2a106fed8e1f4d08e7aa9281713891bc457316b17ca17bdb5de2db69baa2349ef4156c8eb97a7d146308c71af26df1864309ba283a4005f
SSDEEP

393216:P+5uL8r/F/TwVmlXk8OBdHv1Th0KkJ4F:suYhbwVm6/f9NAJ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EHNLBFILGINHBAKADHED.exe

Files

EHNLBFILGINHBAKADHED.exe
.exe windows:6 windows x64 arch:x64

Password: sordum

9a5396378240510e9db196b6bddb0b1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

EnterCriticalSection
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetWindowsHookExA

advapi32

CryptDestroyHash

shell32

ShellExecuteA

msvcp140

_Query_perf_frequency

normaliz

IdnToAscii

wldap32

ord143

crypt32

CertFreeCertificateChainEngine

ws2_32

closesocket

shlwapi

PathFindFileNameW

rpcrt4

RpcStringFreeA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

fgetc

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_cexit

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-math-l1-1-0

_dsign

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-utility-l1-1-0

qsort

Sections

.text
Size: - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 874KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ditconm
Size: - Virtual size: 13.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ditconm
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ditconm
Size: 21.9MB - Virtual size: 21.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: sordum

9a5396378240510e9db196b6bddb0b1b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

normaliz

wldap32

crypt32

ws2_32

shlwapi

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: - Virtual size: 499KB

.rdata Size: - Virtual size: 114KB

.data Size: - Virtual size: 874KB

.pdata Size: - Virtual size: 20KB

.ditconm Size: - Virtual size: 13.6MB

.ditconm Size: 5KB - Virtual size: 4KB

.ditconm Size: 21.9MB - Virtual size: 21.9MB

.reloc Size: 512B - Virtual size: 292B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 499KB

.rdata
Size: - Virtual size: 114KB

.data
Size: - Virtual size: 874KB

.pdata
Size: - Virtual size: 20KB

.ditconm
Size: - Virtual size: 13.6MB

.ditconm
Size: 5KB - Virtual size: 4KB

.ditconm
Size: 21.9MB - Virtual size: 21.9MB

.reloc
Size: 512B - Virtual size: 292B

.rsrc
Size: 512B - Virtual size: 480B