6fafbf697dbeb0fb9ce576cddf998fa0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6fafbf697dbeb0fb9ce576cddf998fa0N.exe
Size

7.6MB
MD5

6fafbf697dbeb0fb9ce576cddf998fa0
SHA1

6808a9e9eb7f9263b51146a4454bcc31bbd092e8
SHA256

0362b5a16e9135b211a7bdcb67799d6a4f84105f85ec7fb59c1069a3cf05a327
SHA512

9240527f9cf4f2974127538ed514e6c45a20592a4290459ed9db98145a81a47c842f1f4aef9e024d3b5a694b9a432d6c98a3476bc61a199ee61c8d4b95a5ddad
SSDEEP

196608:aWosyB23ywor8Okj8xONL/est5iGMbaMC/lSdaUM:abLB2DOkAUNL1mGMbanS4z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

6fafbf697dbeb0fb9ce576cddf998fa0N.exe
.dll windows:6 windows x64 arch:x64

7713efa60880633be1569c1035df88c7

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:39:dd:e1:19:bb:32:0d:fb:9f:5d:ef:e3:f7:12:45
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10/11/2021, 00:00

Not After

09/11/2024, 23:59

Subject

CN=Hangil IT Co.\, Ltd,O=Hangil IT Co.\, Ltd,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:22:8b:cc:ab:68:04:97:bb:63:19:e8:50:0c:0f:47:da:03:ff:c4
Signer

Actual PE Digest

87:22:8b:cc:ab:68:04:97:bb:63:19:e8:50:0c:0f:47:da:03:ff:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\___WORKING\__PHACH\x64_TOIRSCRIPT_PUBLIC\x64\Release\InjectBot.pdb

Imports

kernel32

CloseHandle
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetCurrentProcessId
OpenProcess
VirtualProtectEx
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GetCurrentThread
VirtualAlloc
VirtualProtect
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
QueryPerformanceCounter
QueryPerformanceFrequency
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateFileW
OutputDebugStringA
GetFileSize
ReadFile
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
LoadLibraryExW
FindClose
FindNextFileW
GetModuleFileNameW
RaiseException
GetCurrentProcess
GetCommandLineA
GetSystemFirmwareTable
GetComputerNameA
GetSystemInfo
VirtualQueryEx
K32GetMappedFileNameW
SetEndOfFile
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetTempPathA
TerminateProcess
GetCurrentThreadId
FlushInstructionCache
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
GetModuleHandleW
SetLastError
GetSystemTimeAsFileTime
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RtlPcToFileHeader
VirtualFree
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
WriteFile
CreateFileA
GetModuleHandleA
GetTickCount64
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
DecodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
ReadConsoleW
GetConsoleMode
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSListHead
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetModuleHandleExW
WriteConsoleW
RtlUnwind
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
IsDebuggerPresent
ExitProcess
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetCursor
SetCursorPos
GetClientRect
GetKeyState
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
ScreenToClient
GetCursorPos
ClientToScreen
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowThreadProcessId
FindWindowA
SetWindowLongPtrA
KillTimer
SetTimer
CallWindowProcA
SendMessageA
RegisterWindowMessageA
GetForegroundWindow
GetAsyncKeyState
LoadCursorA
CallNextHookEx
GetProcessWindowStation
GetUserObjectInformationW

advapi32

GetUserNameA

winhttp

WinHttpConnect
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpCloseHandle

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

Exports

Exports

oba

Sections

.text
Size: - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CPADinfo
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7713efa60880633be1569c1035df88c7

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

01:39:dd:e1:19:bb:32:0d:fb:9f:5d:ef:e3:f7:12:45Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

87:22:8b:cc:ab:68:04:97:bb:63:19:e8:50:0c:0f:47:da:03:ff:c4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

winhttp

imm32

Exports

Exports

Sections

.text Size: - Virtual size: 4.8MB

.rdata Size: - Virtual size: 684KB

.data Size: - Virtual size: 329KB

.pdata Size: - Virtual size: 104KB

CPADinfo Size: - Virtual size: 56B

.detourc Size: - Virtual size: 8KB

.detourd Size: - Virtual size: 24B

_RDATA Size: - Virtual size: 500B

.UPX0 Size: - Virtual size: 4.1MB

.UPX1 Size: 7.6MB - Virtual size: 7.6MB

.reloc Size: 512B - Virtual size: 240B

.rsrc Size: 512B - Virtual size: 480B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

01:39:dd:e1:19:bb:32:0d:fb:9f:5d:ef:e3:f7:12:45
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

87:22:8b:cc:ab:68:04:97:bb:63:19:e8:50:0c:0f:47:da:03:ff:c4
Signer

.text
Size: - Virtual size: 4.8MB

.rdata
Size: - Virtual size: 684KB

.data
Size: - Virtual size: 329KB

.pdata
Size: - Virtual size: 104KB

CPADinfo
Size: - Virtual size: 56B

.detourc
Size: - Virtual size: 8KB

.detourd
Size: - Virtual size: 24B

_RDATA
Size: - Virtual size: 500B

.UPX0
Size: - Virtual size: 4.1MB

.UPX1
Size: 7.6MB - Virtual size: 7.6MB

.reloc
Size: 512B - Virtual size: 240B

.rsrc
Size: 512B - Virtual size: 480B