89163f4d2e020316704e1509b0c22530N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

89163f4d2e020316704e1509b0c22530N.exe
Size

31KB
MD5

89163f4d2e020316704e1509b0c22530
SHA1

f11a9f4dba4bc195f92c4eec2e93e0ca4872c6af
SHA256

bb27bfa79e52f538ccb8340415a28921d8f9e5d2aef1ec228ab4a21d6cdefe37
SHA512

2df7922f4bedcc28716a0f7bbcb9d13143153a56d46ecdf622fceeb2567593ddbebe8de142c5a71b73abae38a4ceff663c188a93ab8fe693bcc4a0bb2a0d2cab
SSDEEP

384:pAB1DNcCOzz5yoHy3qjdET+qoCq5g5/Gh7xTJjSD89Dzg6Y+d02HUP2R3SPxWeJL:CB1RcJS3UyHoNK+jSD89Dzgrs9oPn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89163f4d2e020316704e1509b0c22530N.exe

Files

89163f4d2e020316704e1509b0c22530N.exe
.dll windows:6 windows x64 arch:x64

f9abf993d527cc0e4011fd49f60d160a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DirectDB.pdb

Imports

msvcrt

??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
memcmp
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
memset

advapi32

RegGetValueW

shlwapi

StrCmpNIW
StrCmpIW
StrCmpW
PathStripPathW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlMoveMemory
RtlVirtualUnwind

kernel32

CompareFileTime
lstrcmpiA
lstrcmpA
GetFileSize
OpenFileMappingW
MapViewOfFile
CreateFileW
GetFullPathNameW
HeapAlloc
CreateFileMappingW
QueryPerformanceCounter
HeapCreate
CreateMutexW
ReleaseMutex
HeapDestroy
HeapFree
SetFileTime
UnmapViewOfFile
FlushViewOfFile
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
GetSystemInfo
DisableThreadLibraryCalls
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GetLastError
CloseHandle
ExpandEnvironmentStringsW
GetModuleFileNameW
Sleep
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter

ole32

CoCreateInstance
CoGetMalloc

user32

CharLowerBuffW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9abf993d527cc0e4011fd49f60d160a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

shlwapi

ntdll

kernel32

ole32

user32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 960B

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 244B

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 960B

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 244B