6f2c48805311ddf231c71554d2521c60N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6f2c48805311ddf231c71554d2521c60N.exe
Size

876KB
MD5

6f2c48805311ddf231c71554d2521c60
SHA1

90fdadb51a4c128009ea5f9adf266ed1d7583531
SHA256

cd73a71b6fafd444cb4e7f13a2f27c5e2c4ebfcb2b7ee1154dcf7709f41bb2eb
SHA512

19ef2af7d500372363d46c4f73db957d7f3fa9d4e919301e5d8cee53492de617fbf7afa758c25ae0d67560231fbb1b2a3ced9bf3b070f2562afe6bb6de0d5d69
SSDEEP

12288:oRrL+3d2LpFaiUmNvFHRZajdr7cx8j+UnRY8J39y+tft+gEi11PComFE0:+rL+3d0pECFHRZajvA+tU/i116T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f2c48805311ddf231c71554d2521c60N.exe

Files

6f2c48805311ddf231c71554d2521c60N.exe
.dll windows:5 windows x64 arch:x64

40f34c22521e4322e70298e705b43d40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAllocEx
GetLastError
WriteProcessMemory
ResumeThread
SetFileAttributesW
CreateFileW
TerminateProcess
GetFileAttributesW
CopyFileW
VirtualFreeEx
WriteFile
CreateDirectoryW
CreateProcessW
SetThreadContext
CloseHandle
GetThreadContext
SetEndOfFile
CreateFileA
WriteConsoleW
SetStdHandle
LoadLibraryW
WideCharToMultiByte
MultiByteToWideChar
EncodePointer
DecodePointer
GetStringTypeW
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetCPInfo
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCurrentProcess
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
GetModuleFileNameW
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocaleInfoW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
GetProcessHeap

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegEnumValueA
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW

shell32

SHGetKnownFolderPath

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 653KB - Virtual size: 663KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40f34c22521e4322e70298e705b43d40

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 653KB - Virtual size: 663KB

.pdata Size: 8KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 653KB - Virtual size: 663KB

.pdata
Size: 8KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 3KB