10b9cff5180a26bb9647571305ae27b0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

10b9cff5180a26bb9647571305ae27b0N.exe
Size

1.9MB
MD5

10b9cff5180a26bb9647571305ae27b0
SHA1

8a190ef8629b93ad8442cc7fbbbdc39ac5706693
SHA256

c2f115ae70415b2e4d2183d41facb509a8bbfa57e3453c56f2fc0b773d28ee3c
SHA512

01da74af02d6e1e2a31fd75e5808fb682f92522cd9069f48959aaec8572139323a08914a27198e8e9cddb9c8eb75a5ce3c1f6738a4ea4acb079132b15800cc2b
SSDEEP

24576:7EE4dGHr7F14MiEr1q5YQj6tXYR6i8JsbXs2dmS+iZ1ozrOQ3xB/3pbyM:YEvHr7Fb/j7aep/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10b9cff5180a26bb9647571305ae27b0N.exe

Files

10b9cff5180a26bb9647571305ae27b0N.exe
.exe windows:6 windows x64 arch:x64

d6baa3d80d489a7c8ec46ead077b7ee1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CryptUnprotectData

wininet

InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpOpenRequestA

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance

user32

GetDesktopWindow
GetWindowRect
GetSystemMetrics
MessageBoxA
GetCursorPos
FindWindowA

iphlpapi

GetAdaptersInfo

shlwapi

PathCombineA

mpr

WNetGetProviderNameW
WNetGetProviderNameA

advapi32

RegEnumKeyExW
RegCloseKey
RegQueryValueExA
GetUserNameA
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyW

kernel32

ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetTimeZoneInformation
FindNextFileW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleMode
FindClose
CompareStringW
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
FindFirstFileExW
GetSystemFirmwareTable
SetLastError
GetPhysicallyInstalledSystemMemory
GetCurrentProcess
Wow64DisableWow64FsRedirection
ExpandEnvironmentStringsA
CreateMutexA
LocalAlloc
GetModuleHandleA
OpenProcess
MultiByteToWideChar
Sleep
FormatMessageW
GetTickCount64
Wow64RevertWow64FsRedirection
GetLastError
GetFileAttributesA
CreateFileA
GetDiskFreeSpaceExW
LoadLibraryA
CloseHandle
K32GetModuleBaseNameA
GetSystemInfo
LoadLibraryW
GetWindowsDirectoryA
K32EnumProcesses
GetProcAddress
LocalFree
RemoveDirectoryA
VerSetConditionMask
GetProcessHeap
GlobalMemoryStatusEx
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
BuildCommDCBAndTimeoutsA
lstrcmpiA
VerifyVersionInfoW
GetComputerNameExA
CreateDirectoryA
lstrcmpiW
IsWow64Process
GetComputerNameA
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
RaiseException
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetNativeSystemInfo
GetStringTypeW
LCMapStringEx
InitializeCriticalSectionEx
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
GetCommandLineW
GetCommandLineA
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameW
GetFileType
GetStdHandle
LoadLibraryExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind

shell32

SHGetSpecialFolderPathA

wevtapi

EvtClose
EvtNext
EvtRender
EvtQuery
EvtOpenLog

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6baa3d80d489a7c8ec46ead077b7ee1

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

wininet

oleaut32

ole32

user32

iphlpapi

shlwapi

mpr

advapi32

kernel32

shell32

wevtapi

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 184KB - Virtual size: 183KB

.data Size: 57KB - Virtual size: 65KB

.pdata Size: 70KB - Virtual size: 69KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 184KB - Virtual size: 183KB

.data
Size: 57KB - Virtual size: 65KB

.pdata
Size: 70KB - Virtual size: 69KB

.reloc
Size: 6KB - Virtual size: 6KB