91bd06a476788957303bd77b534eeea0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

91bd06a476788957303bd77b534eeea0N.exe
Size

2.4MB
MD5

91bd06a476788957303bd77b534eeea0
SHA1

cdbc2309b9f212dad8b73d32d094622e0f92626b
SHA256

b64c81f881573266b1582e2601dc8a5ed70bd612a0eaafef16d9087d64027e60
SHA512

825ef7a61cc0412a3a4d3b6da74b161850b6626df9768f6e4ae0a81bbe260733f7ed7f3f0b70dd3d09fc7ff063e820569beb536bf1c240e17e198c532c73eca8
SSDEEP

24576:dTaJ+64AVEI6Qhjh2Fl7N18oLBoWhCMLIx+hZMgkkjukaJBr+92kJ5NZIqt:JaJ+6vEIY7LS4xKk6+kkJ5TI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
91bd06a476788957303bd77b534eeea0N.exe

Files

91bd06a476788957303bd77b534eeea0N.exe
.dll regsvr32 windows:6 windows x64 arch:x64

8bd1b793a7635d3fb28a87d534f9728a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\PC\Desktop\C2New\Rev\x64\Release\Rev.pdb

Imports

kernel32

GetModuleHandleA
PostQueuedCompletionStatus
GetCommandLineA
CreateEventW
MultiByteToWideChar
FormatMessageW
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
TerminateThread
WaitForSingleObjectEx
CloseHandle
ReleaseSRWLockShared
IsDBCSLeadByte
LoadResource
QueueUserAPC
CreateWaitableTimerA
GetProcAddress
LocalFree
AcquireSRWLockShared
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
SleepEx
lstrcmpiA
CreateProcessA
GetSystemTimeAsFileTime
FormatMessageA
CreateEventA
CreateIoCompletionPort
GetExitCodeProcess
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetCurrentThreadId
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
WaitForSingleObject
FindResourceA
GetQueuedCompletionStatus
CreatePipe
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
GetThreadLocale
WaitForMultipleObjects
LoadLibraryExA
EnterCriticalSection
SetLastError
SetWaitableTimer
SetHandleInformation
SetThreadLocale
SizeofResource
InitializeSRWLock
GetModuleFileNameA
ReadFile
ExitProcess
Sleep
DeleteCriticalSection
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
GetFileSizeEx
HeapQueryInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
GetModuleFileNameW
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualProtect
RtlUnwind
VirtualAlloc
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
OpenEventA
ReleaseSemaphore
ResetEvent
SetFilePointerEx
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeSListHead
GetStartupInfoW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
DecodePointer
RaiseException
GetLastError
GetSystemTime
InitializeCriticalSectionEx
IsDebuggerPresent
TryAcquireSRWLockExclusive
RtlPcToFileHeader
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
SetFileInformationByHandle
DeviceIoControl
CopyFileW
MoveFileExW
GetFileInformationByHandleEx
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceFrequency
InitOnceComplete
InitOnceBeginInitialize
LCMapStringEx
GetStringTypeW

user32

GetDC
GetSystemMetrics
CharNextW
ReleaseDC
CharNextA

gdi32

BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegDeleteValueA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegEnumKeyExA
CreateProcessWithLogonW
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
CryptEnumProvidersA

ole32

CoTaskMemAlloc
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

LoadTypeLi
RegisterTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString
UnRegisterTypeLi

ws2_32

WSARecv
htons
recv
WSACleanup
__WSAFDIsSet
accept
bind
WSAIoctl
WSASend
select
ntohl
shutdown
listen
WSASetLastError
WSASocketW
getaddrinfo
getpeername
getsockname
ntohs
WSAAddressToStringW
gethostname
WSAStartup
getsockopt
htonl
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
closesocket
inet_pton
send
socket
connect

bcrypt

BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDestroyKey

gdiplus

GdipSaveImageToStream
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipDisposeImage

crypt32

CryptStringToBinaryA
CryptUnprotectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bd1b793a7635d3fb28a87d534f9728a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

ws2_32

bcrypt

gdiplus

crypt32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 364KB - Virtual size: 363KB

.data Size: 60KB - Virtual size: 70KB

.pdata Size: 83KB - Virtual size: 83KB

_RDATA Size: 512B - Virtual size: 500B

.fptable Size: 512B - Virtual size: 256B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 364KB - Virtual size: 363KB

.data
Size: 60KB - Virtual size: 70KB

.pdata
Size: 83KB - Virtual size: 83KB

_RDATA
Size: 512B - Virtual size: 500B

.fptable
Size: 512B - Virtual size: 256B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB