eb2ebc558aee6c073217d1f0aa463f10N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

eb2ebc558aee6c073217d1f0aa463f10N.exe
Size

829KB
MD5

eb2ebc558aee6c073217d1f0aa463f10
SHA1

d768ecb490a027679d2914606837d48952e4fed1
SHA256

ebb9349a62453345a7e95905d539223a58f445d25330caa0b0a5f2ea23ea6eee
SHA512

ec62d25e16634a4a35e9563fd3ecf299c2f4e5b237cf802bdda11f1e1c7ccaeef678768c63a8b50d8ee46aeef5a90fcf7958078c428fe518ab04ce39da7e883f
SSDEEP

6144:lVEOEP3Tpdu4d9hgQm2h+sOfsDSVgbji5k6uETAOKXyEyOMrupGopH:lVEBThgQm2h+sOfsehTUZMrCGop

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb2ebc558aee6c073217d1f0aa463f10N.exe

Files

eb2ebc558aee6c073217d1f0aa463f10N.exe
.exe windows:6 windows x86 arch:x86

afc4b900a192becce892b9cfd80fd872

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
WaitForSingleObject
Sleep
SetEvent
CloseHandle
CreateEventA
GetCurrentThreadId
SetLastError
CancelIo
lstrlenW
CreateEventW
ResetEvent
WideCharToMultiByte
TryEnterCriticalSection
RaiseException
ResumeThread
OpenProcess
GetFileAttributesA
GetSystemDirectoryA
GetThreadContext
VirtualAllocEx
CreateProcessA
SetThreadContext
GetExitCodeProcess
GetModuleFileNameA
GetFileSizeEx
GetCurrentDirectoryA
MoveFileExA
CreateFileA
GetSystemInfo
CreateThread
GlobalMemoryStatusEx
GetConsoleWindow
TlsGetValue
TlsAlloc
WriteConsoleW
CreateFileW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
VirtualAlloc
VirtualFree
MultiByteToWideChar
HeapFree
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwind
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetFileType
GetCommandLineW
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameW
ExitProcess
VirtualQuery
VirtualProtect
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
IsProcessorFeaturePresent
FreeLibrary
TlsFree
IsDebuggerPresent
OutputDebugStringW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
LCMapStringEx
EncodePointer
LocalFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringEx
GetCPInfo
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsSetValue

user32

GetCursorPos
GetInputState
PostThreadMessageA
ShowWindow

advapi32

RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegCreateKeyW
RegDeleteValueW
GetUserNameW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

ws2_32

WSAGetLastError
WSACleanup
closesocket
gethostbyname
select
WSAStartup
send
socket
connect
recv
htons
setsockopt
shutdown
getnameinfo
ioctlsocket
freeaddrinfo
getsockopt
ntohs
getpeername
getaddrinfo
WSASocketW
__WSAFDIsSet
WSAIoctl

winmm

timeGetTime

Sections

.text
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afc4b900a192becce892b9cfd80fd872

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

winmm

Sections

.text Size: 692KB - Virtual size: 692KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 9KB - Virtual size: 20KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 692KB - Virtual size: 692KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 9KB - Virtual size: 20KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 36KB - Virtual size: 35KB