c7b06b1063d39e73182d129af5bfe390N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c7b06b1063d39e73182d129af5bfe390N.exe
Size

984KB
MD5

c7b06b1063d39e73182d129af5bfe390
SHA1

54d0668da3db34df7270eea7f50743db63ea3987
SHA256

db5b12c944196f1f421d3cfab39ec71feca7a26b3d7e05eae73d7697bbf05062
SHA512

93fc6c2ecd379a30c20141d3d08272abd643ae88b61c153ab343f144e7d7bcf2183a14ab0a5ba31ddd4d1c71fbacf2801227536db467fe1855ed8371481bd550
SSDEEP

12288:w9kOlex++uD2lbeIx1JPgtEnC1UPX5UPP9djo8rgkfEpFRAX64XQf:w9rG+LkeIPPginC1UPX5UPP9djo8ckf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7b06b1063d39e73182d129af5bfe390N.exe

Files

c7b06b1063d39e73182d129af5bfe390N.exe
.exe windows:5 windows x64 arch:x64

5950ed8f1e0b38dc1a9b97426e6b8e9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
DuplicateTokenEx
ImpersonateLoggedOnUser
LogonUserA
LookupPrivilegeValueA
LookupAccountSidA
AdjustTokenPrivileges
GetTokenInformation
OpenThreadToken
RevertToSelf
CreateProcessWithLogonW
AllocateAndInitializeSid
FreeSid
GetUserNameA
CheckTokenMembership
CreateProcessAsUserA
CreateProcessWithTokenW
OpenProcessToken

ntdll

NtQueryInformationProcess

ws2_32

accept
__WSAFDIsSet
WSAGetLastError
shutdown
send
recv
ioctlsocket
ntohs
listen
socket
connect
WSASocketA
WSAIoctl
WSACleanup
WSAStartup
closesocket
ntohl
htons
htonl
getaddrinfo
bind
select
inet_addr
freeaddrinfo
gethostbyname

cryptdll

CDGenerateRandomBits

shlwapi

PathFileExistsA

shell32

ShellExecuteA

kernel32

FreeEnvironmentStringsW
SetStdHandle
HeapReAlloc
CreateFileW
WriteConsoleW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
IsValidCodePage
FindFirstFileExW
RemoveDirectoryW
DeleteFileW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
LCMapStringW
GetStringTypeW
GetFileType
QueryPerformanceFrequency
GetModuleFileNameW
GetStdHandle
GetModuleHandleExW
ExitProcess
RaiseException
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
FreeLibrary
GetProcAddress
VirtualAlloc
VirtualFree
LoadLibraryA
GetModuleHandleA
Sleep
GetLastError
WaitForSingleObject
CreatePipe
GetStartupInfoA
ExpandEnvironmentStringsA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetCurrentDirectoryW
FindClose
HeapSize
FileTimeToSystemTime
GetFullPathNameA
GetFileAttributesA
FindFirstFileA
FindNextFileA
CopyFileA
MoveFileA
OpenProcess
CloseHandle
VirtualProtect
VirtualAllocEx
VirtualProtectEx
GetCurrentProcessId
CreateThread
CreateRemoteThread
OpenThread
ReadProcessMemory
WriteProcessMemory
GetThreadContext
SetThreadContext
Wow64GetThreadContext
Wow64SetThreadContext
ResumeThread
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
CreateToolhelp32Snapshot
Thread32First
Thread32Next
ReadFile
GetTickCount
DisconnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
CreateFileA
WaitNamedPipeA
WriteFile
FlushFileBuffers
LocalAlloc
LocalFree
GetModuleFileNameA
GetEnvironmentVariableA
GetComputerNameA
GetVersionExA
GetACP
GetOEMCP
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
TerminateProcess
SetErrorMode
DuplicateHandle
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
CreateProcessA
ProcessIdToSessionId
MultiByteToWideChar
Process32First
Process32Next
GetCurrentThread
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
FindNextFileW
WideCharToMultiByte
TlsAlloc
SetEndOfFile
VirtualQuery
SystemTimeToTzSpecificLocalTime
SetLastError
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

Sections

.text
Size: 582KB - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5950ed8f1e0b38dc1a9b97426e6b8e9f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ntdll

ws2_32

cryptdll

shlwapi

shell32

kernel32

Sections

.text Size: 582KB - Virtual size: 581KB

.rdata Size: 206KB - Virtual size: 205KB

.data Size: 5KB - Virtual size: 57KB

.pdata Size: 22KB - Virtual size: 22KB

.rsrc Size: 163KB - Virtual size: 162KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 582KB - Virtual size: 581KB

.rdata
Size: 206KB - Virtual size: 205KB

.data
Size: 5KB - Virtual size: 57KB

.pdata
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 163KB - Virtual size: 162KB

.reloc
Size: 5KB - Virtual size: 4KB