6ddffd60e8c6f0e4f935b311ad8449b0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

6ddffd60e8c6f0e4f935b311ad8449b0N.exe
Size

242KB
MD5

6ddffd60e8c6f0e4f935b311ad8449b0
SHA1

5c5b6f504d6562946afaa463acab4420e770257c
SHA256

9df4f06e78570302f4f67677d70a47e963e99aaac10ec41178e4542032820ba7
SHA512

e07403c0e55435f06a8c68119662345462572eb45a6e4a8e4f0ccd217c1fe7bc1bb973d0312f49dfa5b840d06d2db191ce749a86b4e15348764b411d6b7b978f
SSDEEP

6144:eF7lrqGjG5ONvskbODoKRmEXEihpqfnM:eFJrzGsNUZ8K4Ey/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ddffd60e8c6f0e4f935b311ad8449b0N.exe

Files

6ddffd60e8c6f0e4f935b311ad8449b0N.exe
.dll windows:10 windows x86 arch:x86

14ad0cea7e3a036d6fa337ae2c997913

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

FXSXP32.pdb

Imports

msvcrt

memcpy
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
_vsnwprintf
_initterm
_amsg_exit
malloc
free
_mbscpy
wcsncpy_s
wcsncmp
memmove_s
strrchr
wcsstr
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
wcscat_s
wcscpy_s
iswspace
iswcntrl
_wcsdup
_wcsicmp
memcpy_s
__CxxFrameHandler3
wcsrchr
wcschr
_XcptFilter
_wcsnicmp
_wsplitpath_s
iswalpha
swscanf_s
_CxxThrowException
_callnewh
_ftol2_sse
_wcsnset
memset

fxsapi

FaxSendDocumentExW
FaxGetRecipientsLimit
FaxFreeSenderInformation
FaxGetSenderInformation
FaxGetReceiptsOptions
FaxConnectFaxServerW
FaxClose
FaxGetPersonalCoverPagesOption
FaxAccessCheckEx

kernel32

ReadFile
ExpandEnvironmentStringsW
GetProcAddress
FreeLibrary
CreateDirectoryW
GetFileAttributesW
MultiByteToWideChar
GetComputerNameW
WideCharToMultiByte
GetLocaleInfoEx
GetUserPreferredUILanguages
SetFilePointer
OutputDebugStringW
GetFileSize
GetVersionExW
GetFullPathNameW
SetEndOfFile
UnmapViewOfFile
CopyFileW
GetFileType
CreateFileMappingW
MapViewOfFileEx
GetCurrentThread
LocalFree
GetModuleFileNameW
FindNextFileW
FindClose
GetLastError
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
OpenMutexW
MapViewOfFile
CreateProcessW
CreateEventW
ReleaseMutex
CreateMutexW
SetEnvironmentVariableW
WaitForMultipleObjects
VirtualAlloc
VirtualFree
MulDiv
SetLastError
WriteFile
GetProfileIntW
QueryPerformanceCounter
GetTempPathW
CreateFileW
DeleteFileW
FindFirstFileW
CloseHandle
GetTempFileNameW
MoveFileW
DisableThreadLibraryCalls
LoadLibraryW
lstrlenA
OutputDebugStringA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetSystemTime
SystemTimeToFileTime

advapi32

OpenProcessToken
ReportEventW
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
AllocateAndInitializeSid
SetEntriesInAclW
GetSecurityDescriptorOwner
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
GetTokenInformation
CopySid
IsValidSid
GetLengthSid
OpenThreadToken
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
RegQueryValueW
TraceMessage

winspool.drv

GetPrinterW
OpenPrinterW
EnumPrintersW
DocumentPropertiesW
GetJobW
SetJobW
ClosePrinter
FindFirstPrinterChangeNotification
FindNextPrinterChangeNotification
FindClosePrinterChangeNotification

gdi32

GetTextMetricsW
TextOutW
SetBkMode
DeleteObject
SetMapMode
CreateFontIndirectW
StartDocW
EndPage
GetDeviceCaps
CreateDCW
GetTextExtentExPointW
StartPage
SelectObject
GetObjectW
GetStockObject
EndDoc
StretchDIBits
DeleteDC

user32

MessageBoxW
WinHelpW
MessageBeep
DialogBoxParamW
CreateWindowExW
GetWindowTextW
SendMessageW
EndDialog
SetWindowTextW
IsDlgButtonChecked
GetDlgItem
CheckDlgButton
UpdateWindow
InvalidateRect
BeginPaint
EndPaint
GetWindowContextHelpId
EnableWindow
LoadStringW

shell32

SHGetFolderPathAndSubDirW
SHGetFolderPathW
ShellExecuteExW
SHSetLocalizedName

mapi32

ord62
ord82
ord140
ord185
ord17
ord75

comdlg32

ChooseFontW

tapi32

lineTranslateDialogW
lineGetTranslateCapsW
lineTranslateAddressW
lineInitializeExW
lineShutdown

Exports

Exports

ServiceEntry
XPProviderInit

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14ad0cea7e3a036d6fa337ae2c997913

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

fxsapi

kernel32

advapi32

winspool.drv

gdi32

user32

shell32

mapi32

comdlg32

tapi32

Exports

Exports

Sections

.text Size: 87KB - Virtual size: 86KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 145KB - Virtual size: 145KB

.text
Size: 87KB - Virtual size: 86KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 145KB - Virtual size: 145KB