c5304cc010fbb6d6dc36ffd87eb97220N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c5304cc010fbb6d6dc36ffd87eb97220N.exe
Size

6.0MB
MD5

c5304cc010fbb6d6dc36ffd87eb97220
SHA1

2ab5257fc3d43532897bf806bd6e4991bf0e5e26
SHA256

e74fcac3c25078c0a67cfaa5bb1a492f8cf05e2d5975f5450d3b616b690c7f9f
SHA512

918ccc890bb4055a85b512347714e76299010b3c6f3c8088aadaa8a11288c378eff5ea7aba6881e705d2321492dbaeb1b75718ee5bb83430592cf58f410dce5e
SSDEEP

3072:7+T9xpJ8Zl1t1HI1I/9HhFr1WlG/O7TIJFIGQzS:iT9Gl/ZI1I/9HnGv7MJr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5304cc010fbb6d6dc36ffd87eb97220N.exe

Files

c5304cc010fbb6d6dc36ffd87eb97220N.exe
.exe windows:5 windows x64 arch:x64

ad4ca62e89ded9830567bc3dbcb98179

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TlsGetValue
CreateFileW
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
SetLastError
GetCurrentThreadId
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
HeapAlloc
HeapReAlloc
GetStringTypeW
HeapSize
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
VirtualAlloc
CloseHandle

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12.0MB - Virtual size: 12.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad4ca62e89ded9830567bc3dbcb98179

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 12.0MB - Virtual size: 12.0MB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 12.0MB - Virtual size: 12.0MB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB