f262587068e0010fcb22c5dc1b166c90N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f262587068e0010fcb22c5dc1b166c90N.exe
Size

590KB
MD5

f262587068e0010fcb22c5dc1b166c90
SHA1

dc3cb5fb6c7f1b8462daa8f5c214b5e093d551e1
SHA256

c67925eeb344d43378d4086ea42c079cccfea5096fb5c2c0f1162acc9c9c4227
SHA512

8cf7a5c2f05197e78928fa89228c02bc0bdb2dc384f854fb93fa12a16ac741796cdda4570d66b0399c4021d66b9339095a57ea181727544994660810cb1fd742
SSDEEP

12288:9aqzPTY53of4XgbXZqHfdQCaIY//RnhOWrZVoexdqCLH31Ii3Dn:jPYPwbXZq6C7Y/5kWrZVoe/1LH3bDn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f262587068e0010fcb22c5dc1b166c90N.exe

Files

f262587068e0010fcb22c5dc1b166c90N.exe
.exe windows:10 windows x64 arch:x64

5dee48ec7c50d677fa5bfe4d23399111

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

logoff.pdb

Imports

winsta

WinStationOpenServerW
WinStationGetAllSessionsW
WinStationNameFromLogonIdW
WinStationFreeMemory
WinStationOpenServerExW
WinStationReset
LogonIdFromWinStationNameW

user32

ExitWindowsEx
LoadStringW

kernel32

RtlLookupFunctionEntry
UnhandledExceptionFilter
RtlCaptureContext
GetCurrentProcessId
Sleep
SetUnhandledExceptionFilter
RtlVirtualUnwind
GetCurrentThreadId
GetConsoleOutputCP
SetThreadUILanguage
GetLastError
HeapSetInformation
SetLastError
GetStdHandle
MultiByteToWideChar
FormatMessageW
LoadLibraryW
WriteConsoleW
GetModuleHandleW
FreeLibrary
GetFileType
GetCommandLineW
LocalAlloc
LocalFree
VerSetConditionMask
VerifyVersionInfoW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
GetTickCount
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime

msvcrt

wcscat_s
vswprintf_s
wcschr
free
vfwprintf
fwprintf
malloc
wcstol
_wcsnicmp
_wcsdup
_wcslwr
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
_ultoa
_wsetlocale
swprintf_s
fgetwc
wcstoul
setlocale
__iob_func
memcpy
memmove
wcscpy_s
iswctype
memset

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5dee48ec7c50d677fa5bfe4d23399111

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winsta

user32

kernel32

msvcrt

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 6KB

.pdata Size: 1024B - Virtual size: 540B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 6KB

.pdata
Size: 1024B - Virtual size: 540B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 568KB - Virtual size: 572KB