b51b65cb46babb35d9be20c84a6c2480N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b51b65cb46babb35d9be20c84a6c2480N.exe
Size

418KB
MD5

b51b65cb46babb35d9be20c84a6c2480
SHA1

f4e4148e1020b94e2703083513f81959c76afd13
SHA256

c7d3653ff84b94b6125c7e80ed082366266ba5dbe96ddc2a4f9b35838afeacf4
SHA512

1610a61b70a2071e17c5d690d2d1348e27be4cbc32f5e4aba86130e8222f64224a878c6d6f8dd269b8f108e1514d652d332939cd3017a03066a901e0ad333f83
SSDEEP

6144:+3AbLCIIT8U4qIoP109oK5QPnaGJoKNht6OdkaPav+h9sjUBNYdO:SIi8U4phoj5JoROuaPaMsjU7Y0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b51b65cb46babb35d9be20c84a6c2480N.exe

Files

b51b65cb46babb35d9be20c84a6c2480N.exe
.dll regsvr32 windows:6 windows x64 arch:x64

4cf1d261f361f561f2cc103c6671d6fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RtlCaptureContext
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MoveFileW
SwitchToThread
GetTickCount
Sleep
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
FileTimeToSystemTime
GetFileInformationByHandle
GetFileSize
SetFilePointer
ReadFile
CreateFileW
CreateFileMappingW
MapViewOfFile
CloseHandle
WriteFile
UnmapViewOfFile
GetLocalTime
SystemTimeToFileTime
WideCharToMultiByte
VirtualProtect
LoadLibraryW
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
CreateEventW
SetEvent
InitializeCriticalSectionEx
GetLastError
RaiseException
DeleteCriticalSection
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
SetFilePointerEx
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
GetFileType
GetStdHandle
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetModuleFileNameW
GetModuleHandleExW
IsDebuggerPresent
OutputDebugStringW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileAttributesExW
SetFileAttributesW
ExitProcess

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoInitialize

gdiplus

GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipGetImageEncoders
GdipGetEncoderParameterListSize
GdipCloneImage
GdipDrawImageRectRect
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdiplusStartup
GdipGetEncoderParameterList

ws2_32

shutdown

Exports

Exports

?RdvServiceMain@@YAXPEAX0K0K@Z
DllRegisterServer
DllUnregisterServer
VssServiceMain

Sections

.text
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cf1d261f361f561f2cc103c6671d6fe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

gdiplus

ws2_32

Exports

Exports

Sections

.text Size: 321KB - Virtual size: 321KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 3KB - Virtual size: 4.1MB

.pdata Size: 15KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 321KB - Virtual size: 321KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 3KB - Virtual size: 4.1MB

.pdata
Size: 15KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB