6154df33aa99fada3797912a13c32170N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6154df33aa99fada3797912a13c32170N.exe
Size

125KB
MD5

6154df33aa99fada3797912a13c32170
SHA1

d6987fc13af21e5e9ccc23fea230b018b58d2d1b
SHA256

e4c075cb3ec665c1e3603f725160f1e84172d386794101eca496d8a31eba3bb9
SHA512

6d8342801ddbf47646d743fe71390b7bcb35d4fd9e2efd52d39f410459a94b0c0eb5b2ca0a02550a6a0b7f1ccb88025cd0c98b4401e4f3690db48f7974adabdb
SSDEEP

3072:ybmIoVWv6bEwzVEvp5G4SDuj2rWLoOCQ1ZkJJzM:lI0HzV+p5BouQpzM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6154df33aa99fada3797912a13c32170N.exe

Files

6154df33aa99fada3797912a13c32170N.exe
.exe windows:6 windows x86 arch:x86

a8dc4a68e88dfae3c6a6507bf88d711e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowThreadProcessId
EnumWindows
GetWindowTextA

shell32

CommandLineToArgvW

ole32

CoGetObject
CoUninitialize
CoInitializeEx

advapi32

GetTokenInformation
OpenProcessToken

kernel32

HeapReAlloc
HeapSize
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
WriteConsoleW
SetFilePointerEx
DeleteCriticalSection
HeapFree
GetCommandLineW
GetCurrentProcess
DeviceIoControl
TerminateProcess
GetModuleFileNameW
CreateFileW
OpenProcess
Sleep
UpdateProcThreadAttribute
CloseHandle
GetSystemInfo
GetWindowsDirectoryW
GetProcAddress
ReadProcessMemory
GetCurrentProcessId
GetProcessHeap
GlobalMemoryStatusEx
CreateProcessW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FlushFileBuffers
RtlUnwind
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DecodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
HeapAlloc
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8dc4a68e88dfae3c6a6507bf88d711e

Headers

DLL Characteristics

File Characteristics

Imports

user32

shell32

ole32

advapi32

kernel32

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB