1b91b0dedf19d07324d2b61fbbe120fed77a90b74e8680df94f802a3bf6bb00b[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1b91b0dedf19d07324d2b61fbbe120fed77a90b74e8680df94f802a3bf6bb00b.exe
Size

176KB
MD5

4013fb8ec1263f3fc4dbf7411122be54
SHA1

ede00c8915a7387df3aa4e6b5ba7c86152fb1180
SHA256

1b91b0dedf19d07324d2b61fbbe120fed77a90b74e8680df94f802a3bf6bb00b
SHA512

affb5c62ceabbac1c855b62e7db9cf12d0a83b3218bb40e2f5de82eccdc4857c093dd818b38e920557691cb7a5637db90c417aaf53218f039992cb24bedde7e7
SSDEEP

384:gT/WSnV4iPKeAsZxrpVrJy1KPAZRsZiMaxs1vvW9TOmZ:grM0Zx1VVGb9o1GxOu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b91b0dedf19d07324d2b61fbbe120fed77a90b74e8680df94f802a3bf6bb00b.exe

Files

1b91b0dedf19d07324d2b61fbbe120fed77a90b74e8680df94f802a3bf6bb00b.exe
.dll windows:4 windows x64 arch:x64

1d6bd0a4f955b5558c6bd42c7619b081

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken

kernel32

CloseHandle
CreateMutexA
CreatePipe
CreateProcessA
GetComputerNameA
GetCurrentProcess
GetExitCodeProcess
GetFileSize
GetModuleFileNameA
GetVersionExA
ReadFile
ReleaseMutex
SetHandleInformation
Sleep
TerminateProcess
VerSetConditionMask
VerifyVersionInfoA
WaitForSingleObject
WriteFile

msvcrt

_beginthread
exit
fclose
fopen
fread
free
fseek
ftell
fwrite
getenv
malloc
memcpy
memset
rand
sprintf
srand
strcpy
strlen
wcstombs
_time64

netapi32

NetApiBufferFree
NetGetJoinInformation

ws2_32

WSACleanup
WSAStartup
__WSAFDIsSet
closesocket
connect
freeaddrinfo
getaddrinfo
htons
inet_addr
inet_ntop
ntohs
recv
select
send
setsockopt
socket

Exports

Exports

FreeInstalledPackageInfo
GetInstalledPackageInfo
Test
rundll
start

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d6bd0a4f955b5558c6bd42c7619b081

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

netapi32

ws2_32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.bss Size: 132KB - Virtual size: 132KB

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.bss
Size: 132KB - Virtual size: 132KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB