6353a3cfee78ee862a2e676ddeff8e70N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6353a3cfee78ee862a2e676ddeff8e70N.exe
Size

2.9MB
MD5

6353a3cfee78ee862a2e676ddeff8e70
SHA1

cdbc8ec819f3e9becdd1279ee0e2534009446a9c
SHA256

18347decaeb902d7444c35e888b25ff81e0ccbfd4d2b3f33c3388be2557dc3d0
SHA512

d3220df3f8ef3f472a9bf06a6449044261681ff0a4dacd86206d8fb56366d2d98f5872a487c21351552b792f322ae65a0bea3ad993fcad76053b0b846e837990
SSDEEP

49152:JVhSnCpiXkrRrFe52xZHoY0jqcg904QMGFc4PC:u2kC0xc4a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6353a3cfee78ee862a2e676ddeff8e70N.exe

Files

6353a3cfee78ee862a2e676ddeff8e70N.exe
.exe windows:6 windows x64 arch:x64

3794507b8314ca818bea95ceaf528adb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetHandleInformation
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
GetCurrentProcess
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
AcquireSRWLockShared
ReleaseSRWLockShared
lstrlenW
TryAcquireSRWLockExclusive
GetCurrentThreadId
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
CreateWaitableTimerExW
SetWaitableTimer
WaitForSingleObject
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
IsProcessorFeaturePresent
InitializeSListHead
GetStdHandle
GetCurrentProcessId
QueryPerformanceFrequency
HeapFree
IsDebuggerPresent
HeapReAlloc
ReleaseMutex
GetProcessHeap
HeapAlloc
FindNextFileW
FindClose
FindFirstFileW
GetFinalPathNameByHandleW
UnhandledExceptionFilter
AcquireSRWLockExclusive
GetConsoleMode
ReleaseSRWLockExclusive
GetModuleHandleW
FormatMessageW
MultiByteToWideChar
WriteConsoleW
CreateThread
GetCurrentThread
GetFullPathNameW
GetSystemTimeAsFileTime
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
SetUnhandledExceptionFilter
CloseHandle

ntdll

NtDeviceIoControlFile
RtlNtStatusToDosError
NtAllocateVirtualMemory
NtWaitForSingleObject
NtWriteVirtualMemory
NtProtectVirtualMemory
NtCreateThreadEx
NtCreateFile
NtWriteFile
NtCancelIoFileEx

ws2_32

send
recv
shutdown
getsockopt
ioctlsocket
connect
bind
WSASocketW
getsockname
getpeername
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
closesocket
WSASend

secur32

QueryContextAttributesW
FreeCredentialsHandle
EncryptMessage
ApplyControlToken
DecryptMessage
InitializeSecurityContextW
DeleteSecurityContext
FreeContextBuffer
AcceptSecurityContext
AcquireCredentialsHandleA

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateCertificateChain
CertDuplicateStore
CertFreeCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain

advapi32

RegQueryValueExW
RegOpenKeyExW
SystemFunction036
RegCloseKey

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

bcrypt

BCryptGenRandom

vcruntime140

_CxxThrowException
__current_exception_context
__current_exception
__CxxFrameHandler3
memmove
memset
memcpy
memcmp
__C_specific_handler

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
_configure_narrow_argv
_initialize_onexit_table
_set_app_type
_seh_filter_exe
_exit
__p___argc
exit
terminate
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm_e
_c_exit
_initterm
_cexit
__p___argv
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1016KB - Virtual size: 1015KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3794507b8314ca818bea95ceaf528adb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

ws2_32

secur32

crypt32

advapi32

shell32

ole32

bcrypt

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 1016KB - Virtual size: 1015KB

.data Size: 12KB - Virtual size: 12KB

.pdata Size: 110KB - Virtual size: 109KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 1016KB - Virtual size: 1015KB

.data
Size: 12KB - Virtual size: 12KB

.pdata
Size: 110KB - Virtual size: 109KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 19KB - Virtual size: 18KB