63bfa17720dfadb5785a13f733819b50N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

63bfa17720dfadb5785a13f733819b50N.exe
Size

73KB
MD5

63bfa17720dfadb5785a13f733819b50
SHA1

90bcd97c0825d7c67801f7fc9ec9e491be46e356
SHA256

0418712bce63c19424d8096cfed14ab1e3da980acafa82735bd1933116bd5f78
SHA512

6b9798e9791710f97fd9d4bdd47f25ad507b055ad090afd7af4a67bfdedb3999077efd885e3cfcbad6b9ada00f8ffaaa80e12978975bc78b4840a166b92206ae
SSDEEP

1536:C9tzJvjb4fRIRDoaqK048uVkclLsEV9hxc8JNBHEaqUk2jW/6Qfc:kU8Do0ECkce09hxcQNBHEWk2C6QE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63bfa17720dfadb5785a13f733819b50N.exe

Files

63bfa17720dfadb5785a13f733819b50N.exe
.exe windows:6 windows x86 arch:x86

35799ed6badbcbd7b2935dec46e515c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tzutil.pdb

Imports

advapi32

LookupPrivilegeValueW
OpenProcessToken
EventRegister
EventUnregister
EventWrite
AdjustTokenPrivileges

kernel32

GetConsoleMode
GetFileType
CloseHandle
GetLastError
GetCurrentProcess
CompareStringW
LocalFree
LocalAlloc
WideCharToMultiByte
WriteConsoleW
GetModuleHandleW
GetStdHandle
SetThreadPreferredUILanguages
GetConsoleOutputCP
HeapSetInformation
FormatMessageW
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
FreeLibrary
GetLocaleInfoW
GetVersionExW
CreateFileW
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
SetLastError
GetSystemDirectoryW
FindResourceExW
LoadResource
LockResource
GetSystemTime
GetTimeZoneInformation
GetDynamicTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
CompareStringOrdinal
DeleteCriticalSection
InitializeCriticalSection
RegQueryValueExW
IsTimeZoneRedirectionEnabled
InterlockedExchange
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsValidLocale
RegEnumKeyExW
RegCloseKey
SystemTimeToFileTime
FileTimeToSystemTime
SetDynamicTimeZoneInformation
GetLocalTime
RegOpenKeyExW

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_wsetlocale
_wcsicmp
memset
wprintf
??2@YAPAXI@Z
_vsnwprintf
_itow_s
_wtoi
wcschr
wcsncmp
_wcsnicmp
memcpy
bsearch

user32

LoadStringW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

35799ed6badbcbd7b2935dec46e515c5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 37KB - Virtual size: 37KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 30KB - Virtual size: 31KB

.text
Size: 37KB - Virtual size: 37KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 30KB - Virtual size: 31KB