6bf367624eb13b2aba100330dcd76400N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6bf367624eb13b2aba100330dcd76400N.exe
Size

9.3MB
MD5

6bf367624eb13b2aba100330dcd76400
SHA1

031bc25806003bc3955d78ddcf30c716e104ae3e
SHA256

8665c006bae4af32a70f575e008f0a5843bc241ca8965af20d9fe571046b6b88
SHA512

234e083e31f2cc6b8b8f191f9d09e2242b20bec04cb62b17caea08a8f11eebdbd6470d048cfa2f2cb58543b5dfae53f73dba309204a0d784aa6d7aaf2dbdba31
SSDEEP

196608:w+//GkSlgJVaW5fUpxf+fVpD2cK133ag6CImhpmefFoUiQroJLhV58zJ3:hWZFwfUpxWpDk3zpmOviQwoz1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6bf367624eb13b2aba100330dcd76400N.exe

Files

6bf367624eb13b2aba100330dcd76400N.exe
.dll windows:6 windows x64 arch:x64

9c773be6eae61f67e6fe8f1d2f835290

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

IsBadWritePtr
CreateFileW
WriteFile
GetTempPathA
GetTempFileNameA
GetLongPathNameA
CreateProcessW
FindFirstFileW
CreateToolhelp32Snapshot
HeapFree
GetSystemInfo
GetStartupInfoW
ReadFile
GetExitCodeProcess
GetProcAddress
DeleteFileW
FindNextFileW
HeapAlloc
GetProcessHeap
VirtualProtect
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
MoveFileW
CreateDirectoryW
GetComputerNameW
OutputDebugStringW
OutputDebugStringA
GetLastError
GetTempPathW
CreatePipe
WaitForSingleObject
CloseHandle
CreateThread
GetCurrentProcessId
Process32NextW
Process32FirstW
FreeLibraryAndExitThread
GetModuleFileNameW
Sleep
LoadLibraryW
OpenProcess
IsBadReadPtr
GetCurrentThread
GetModuleHandleW
TerminateProcess
CreateMutexW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
SetStdHandle
GetTimeZoneInformation
GetOEMCP
GetACP
IsValidCodePage
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
SetConsoleCtrlHandler
GetFileInformationByHandle
ExitThread
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
RtlLookupFunctionEntry
RtlUnwindEx
WriteConsoleW
GetCommandLineA
GetConsoleCP
SetFilePointerEx
RtlPcToFileHeader
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
OpenThread
Thread32Next
Thread32First
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
GetEnvironmentVariableW
ConvertFiberToThread
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SystemTimeToFileTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToSystemTime
QueryPerformanceFrequency
FileTimeToLocalFileTime
GetFileAttributesW
GetCurrentDirectoryW
FindClose
SetEvent
CreateEventW
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
ReadProcessMemory
WriteProcessMemory
SetLastError
VirtualQuery
FreeLibrary
LoadLibraryExW
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualProtectEx
VirtualQueryEx
GetStringTypeW
EncodePointer
DecodePointer
RaiseException
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
ResetEvent
GetFileSize
MapViewOfFileEx
lstrlenW
SwitchToThread
WaitForMultipleObjects
InitializeCriticalSectionEx
SleepEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
GetTickCount
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
FormatMessageA
CreateFileA
GetFileSizeEx
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
FlushFileBuffers
HeapValidate
GetFileAttributesA
FormatMessageW
UnlockFileEx
LockFile
FlushViewOfFile
UnlockFile
SetEndOfFile
SetFilePointer
HeapCompact
GetFullPathNameA
GetFullPathNameW
InitializeCriticalSection
VirtualLock
VirtualUnlock
MoveFileExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteFiber
FlsSetValue
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
GlobalFree
GetProcAddress
LocalAlloc
LocalFree
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

PostMessageW
IsWindow
EnumWindows
GetParent
GetClassNameW
MessageBoxW
GetUserObjectInformationW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
SetWindowLongPtrW
DispatchMessageW
GetWindowThreadProcessId
CallWindowProcW
SendMessageW
GetProcessWindowStation
SwitchToThisWindow
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

CoUninitialize
CoCreateGuid
CoInitialize

ws2_32

setsockopt
shutdown
sendto
send
ntohs
htons
getsockopt
getsockname
getpeername
ioctlsocket
closesocket
WSAGetLastError
ntohl
htonl
gethostname
accept
WSASetLastError
WSAIoctl
WSAStringToAddressW
getaddrinfo
freeaddrinfo
InetNtopW
bind
listen
socket
WSAStartup
WSACleanup
connect
recv
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
__WSAFDIsSet
select
recvfrom

shlwapi

PathFindFileNameW
PathFileExistsW
PathIsDirectoryW
StrChrW
PathRenameExtensionW
StrCpyW
PathAppendW

winmm

timeGetTime

bcrypt

BCryptGenRandom

crypt32

CertGetCertificateChain
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertOpenStore

wldap32

ord32
ord33
ord27
ord79
ord30
ord200
ord26
ord22
ord41
ord45
ord143
ord217
ord46
ord211
ord35
ord60
ord301
ord50

wtsapi32

WTSSendMessageW

Exports

Exports

�8d��;��y\�hm�}��'��4�NB��Z�Lq^��8!X��\2mլ'l,oƙ��W�yF��Mr`�ZEa+X;��XMM��mT��/KH��N4��8�!1��M��i^ Ǆ� *��+�j��b[a�l�Ȝ��s�ibk��Am8*�A��?Z"�=\��2�Mm��z'7�?i�M��Kg��X�-W!��9�M��{��d�dj|�)�R��*ۛ��oW)��N��LL'��X��fL��5G�/p�m��OӤ�2��l��g2 R�ej��&^u�Z��8[ ��l�⏵��o��y��Ý�� nՖ�?�(Sݥ=��̓�s4��r@�Y~��`�TP�_��p�\~R h��=U��|��MX<b�� ͋��m�uDoH��5��(dڰ�E��U��cۢ�R��:��՚$)��8��~��w��T4��Vg�!`w�<K�>1H|�c�O��?֐T��C��(zA!�gU��[1�q9-:.3��ز��[7JfY`��]��H��H�)��Bn[(�$��j��K ܳ�)S'� #�!Wd��i�Օn�}� ��E.�n�T��dճO9�ʡ��9[��(�Zu U�md��0g�ǈ��d)��!�ߞ�]�*;{`��T�ń �3.��Pp�+�2��G�9!j#��+�Ml�W�G��q�?wFɠ��^ �_G��T��}��h��#R�lY�r�06��a��z�0��I��)�]8�k��=x&� ��4,]��0�Ȥ((��Ǭ�w𐯹��s�&�*��7s�ԙ3�C��MK��o�RODD�c[�=2��߹7Dc�9֖T�zw`��H�o�ha�iUҒ�� *$v�B�V�uYN��F�c�*�Y��m�82<pP��Y�\�B��j"�f��_�A�ڤ(�Ee�3%�ħ�+=ww��T9ֻ7�3vA�uF�Q��}e?�cZ]�+H�l��oK<5ԡ`g6V�MRf(q�K�~��)��Q~W&��y��a�#��Y��(�X�Tz�5 �,��I��@2c��/3z�*7u#\'g�p�nG��,��nA��+��h��4�|�~i�n��~)?],�n�w��&��p��c�yD߯C��wD,.C3��&"��\#�F��\(�/�H��x$��$�\~]4�fSze; �\�;�R��T��r��1��E��K'��,f�a��#��?K|-�P�Q{��e]��.�Y@k�R�-�herG��dA��*��K��V�� R5Ho��S�ta_�Α'��U��3�%0��b��0�Y� 4x�ߨp}��+襛ʖ��xr��/�yP�ӳ2?��J)�3�S��)C�|b��RNĐ(0)�&�8H��6A�Ǘ�P,Q�|��[�a��D�5�}I0aZT�n��lOLG��b_��ڏ��,)]��n�ꩁ��p�v0�Jj �:��{J��;+P��Zs\։��l��RP ��a�NX��8_6�)v��Ľ�'��q\��i�hsq$%� �2vg��*�?�+c��Am�Tm�Z2ޞ�e�_��Z�-�s(��:� �+><^O��T�F�4�7��P�ܨ\!��#�$3�S�F�s�zNǺNՎ~�Ͼ��b��_�:�:S 1n��b?��CP�R軛l�4�4c�DL,��v��I��O��QD��Д�(��`�q��A�Ȟ�Y �M��64��dw�3��{[��m��n9�gR�_'�m�;<�I�!�s<�F��u�{�̫�,�I�'�=�ߏ��, V��5,rn��;{0"��Go��Ǎ�p��X�Ye�a��(�� :V|az0��qܓ��.W-��G��ϓ[�Ϩ��Qߜa��M�:��b��e2�n"��{T�`s��! �&��_ W-�`MaD�2��njʧ��Ȧ,��L�=7{ ��ú�~�r��2F��G��(��5�6~l �4Vੱ��/1��׬��Qn��z� ?8��W�� Y�!��޴��DOQo��ʵخ�Q ��<J��r�g��e��7[��`�훪��a�E�h��M��gQr�=��[C f��"�t$}p2Ye�t��'�ۉL��'�w@�Y�� B��=DشS+��3�P��(�y��؆艃!r�^t��DB��8m㐠��S?�|&�[�&L�h�u��3��rpŪ��N�.(�@%D�4�uY2�_��ظ�L�}�Q�]��@�L�~�Ys�ɬ��-��ֵ�ǳHB��lY�G� )�7PH�=��4��{��)�*,pA26�"�p%ʐ]L`#}s��?��sۂ��֠��_��4�/L��܍ {�NZq� ��5��Q�2��lAXOO��+R�SjJd&A�3Az'ƺX�X��8�:�:��5_��څ��m p`c:�'"�y�5R�^�qÑ8��=f��g�|�v̩�;��*�nt��l��ټM��f'Ir��'��K��T2��*/Q��D|%�޾� ip�e�X�+=#F��&)�@ȹ2��Y��S%'��ͩ��#��-��ҋts#VX7��W�,��.�#~�'1�-~�W٧+�8�Xw<.�>��n�ɹ�CbX,�E]5��C;��_�E��a�;o�Y��L��k�th73� * �0��N�r�*O䚵��q=(��'��լ��7��_��>kd��љcky-̈́o��([�)X1��{F�]3��V8��CvA~l�<$߾YWU ��@g(p�;d�6��ozS1��CR7�u��L(�H��o)�{:�{

Sections

.text
Size: - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.texi0
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.texi1
Size: 9.3MB - Virtual size: 9.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c773be6eae61f67e6fe8f1d2f835290

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

ws2_32

shlwapi

winmm

bcrypt

crypt32

wldap32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 6.7MB

.rdata Size: - Virtual size: 2.3MB

.data Size: - Virtual size: 394KB

.pdata Size: - Virtual size: 367KB

.detourc Size: - Virtual size: 8KB

.detourd Size: - Virtual size: 24B

.tls Size: - Virtual size: 41B

_RDATA Size: - Virtual size: 11KB

.texi0 Size: - Virtual size: 4.4MB

.texi1 Size: 9.3MB - Virtual size: 9.3MB

.reloc Size: 512B - Virtual size: 208B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 6.7MB

.rdata
Size: - Virtual size: 2.3MB

.data
Size: - Virtual size: 394KB

.pdata
Size: - Virtual size: 367KB

.detourc
Size: - Virtual size: 8KB

.detourd
Size: - Virtual size: 24B

.tls
Size: - Virtual size: 41B

_RDATA
Size: - Virtual size: 11KB

.texi0
Size: - Virtual size: 4.4MB

.texi1
Size: 9.3MB - Virtual size: 9.3MB

.reloc
Size: 512B - Virtual size: 208B

.rsrc
Size: 512B - Virtual size: 469B