21be95dfebf4b9e7efb25bbedbfc3b80N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

21be95dfebf4b9e7efb25bbedbfc3b80N.exe
Size

286KB
MD5

21be95dfebf4b9e7efb25bbedbfc3b80
SHA1

191b6eb0db5276f3318c3a95fb9d39920d6b9788
SHA256

a33ae343dd9bc333a3a96050f791dbd44034c7217d1cb353e481ba78b48eea89
SHA512

d3a8976c465fa13a6d8b85fbc0d51449282cd9120ea8764821895e8750f6cbce69d62b0c89b642932868b0cca6c64b692d390094802f1aa8a00cf8a3bf3c786b
SSDEEP

3072:wEE/ipk2SOui45FtkoqdxCjnsBrZpvgL0MEgxj4voNO4t:k3vPtkzdMjsBrXvgAvmsoI4t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21be95dfebf4b9e7efb25bbedbfc3b80N.exe

Files

21be95dfebf4b9e7efb25bbedbfc3b80N.exe
.exe windows:5 windows x86 arch:x86

64ac0c3c194e5b73cc661451e0d0679b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetPrivateProfileIntA
GetProfileSectionA
GetSystemWindowsDirectoryW
IsDebuggerPresent
LoadLibraryA
LoadLibraryExA
GetConsoleAliasW
LocalFree
ReadConsoleOutputAttribute
ReadConsoleOutputCharacterA
ReadProcessMemory
SetConsoleDisplayMode
SetInformationJobObject
WriteProcessMemory
lstrlen
ExitProcess
Sleep
GetModuleHandleW
VirtualAllocEx
GetDriveTypeA
lstrlenW
LocalAlloc

user32

LoadCursorW

gdi32

AddFontResourceA
AbortDoc
DdEntry31

advapi32

RegQueryValueExA
RegOpenKeyExW
RegOpenKeyA

shell32

ExtractIconExW
CommandLineToArgvW
Shell_NotifyIconA
SHLoadNonloadedIconOverlayIdentifiers
SHLoadInProc
SHInvokePrinterCommandW
SHGetSpecialFolderPathW
SHGetIconOverlayIndexW
SHGetIconOverlayIndexA
SHGetDiskFreeSpaceA
SHFreeNameMappings
SHAppBarMessage
FindExecutableA
DoEnvironmentSubstW
ExtractIconExA
DuplicateIcon
DragQueryPoint
DragFinish

shlwapi

StrRChrW
StrChrIW
StrCmpNIW
StrRChrA

Sections

.sdata
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

64ac0c3c194e5b73cc661451e0d0679b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.sdata Size: 170KB - Virtual size: 170KB

.rdata Size: 73KB - Virtual size: 72KB

INIT Size: 22KB - Virtual size: 22KB

.rsrc Size: 14KB - Virtual size: 14KB

.l1 Size: 2KB - Virtual size: 2KB

.l1 Size: 2KB - Virtual size: 2KB

.sdata
Size: 170KB - Virtual size: 170KB

.rdata
Size: 73KB - Virtual size: 72KB

INIT
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 14KB - Virtual size: 14KB

.l1
Size: 2KB - Virtual size: 2KB

.l1
Size: 2KB - Virtual size: 2KB