mscvbsdtyu[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

mscvbsdtyu.exe
Size

27.8MB
MD5

30754219adee9f28f602747c8cf90999
SHA1

cc5804d51bc5d22340d049b854f7de2cdfa17acf
SHA256

3e3c69d2f253b093ee5364031e63b1a850953a17c842b1be3d63a7711081db39
SHA512

2875967be7193aeded7e4f64607ba52669fe5fbddb2d90f234c24071f3e7739eae1d24e3e41bdeca7b99eadfda1481c9401e0ee45e38fe1c11b4ba96e0c8e677
SSDEEP

393216:Un+H42Bc66Ql/9/cn78c8DB8/o25m1C0QeWEgX+yVq1yTXOPyCD0EYF:++lBd6Ql/9YmDBa58SeEV9T8jY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mscvbsdtyu.exe

Files

mscvbsdtyu.exe
.exe windows:6 windows x64 arch:x64

aeebaa5161078dfbb3adbbc1b5314d3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken

bcrypt

BCryptEncrypt

crypt32

CertFreeCertificateChainEngine

iphlpapi

GetNetworkParams

kernel32

RtlPcToFileHeader
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

ncrypt

NCryptOpenKey

ole32

CoTaskMemFree

oleaut32

LoadRegTypeLi

secur32

GetUserNameExW

user32

LoadStringW

version

VerQueryValueW

ws2_32

WSAIoctl

api-ms-win-crt-heap-l1-1-0

_set_new_mode

api-ms-win-crt-math-l1-1-0

fmodf

api-ms-win-crt-string-l1-1-0

wcsncmp

api-ms-win-crt-runtime-l1-1-0

__p___wargv

api-ms-win-crt-stdio-l1-1-0

_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: - Virtual size: 851KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: - Virtual size: 9.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 15.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 852KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.43670
Size: - Virtual size: 11.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.43671
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.43672
Size: 27.7MB - Virtual size: 27.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aeebaa5161078dfbb3adbbc1b5314d3e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

crypt32

iphlpapi

kernel32

ncrypt

ole32

oleaut32

secur32

user32

version

ws2_32

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 851KB

.managed Size: - Virtual size: 9.9MB

.rdata Size: - Virtual size: 15.1MB

.data Size: - Virtual size: 2.6MB

.pdata Size: - Virtual size: 852KB

_RDATA Size: - Virtual size: 500B

.43670 Size: - Virtual size: 11.6MB

.43671 Size: 5KB - Virtual size: 5KB

.43672 Size: 27.7MB - Virtual size: 27.7MB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: - Virtual size: 851KB

.managed
Size: - Virtual size: 9.9MB

.rdata
Size: - Virtual size: 15.1MB

.data
Size: - Virtual size: 2.6MB

.pdata
Size: - Virtual size: 852KB

_RDATA
Size: - Virtual size: 500B

.43670
Size: - Virtual size: 11.6MB

.43671
Size: 5KB - Virtual size: 5KB

.43672
Size: 27.7MB - Virtual size: 27.7MB

.rsrc
Size: 9KB - Virtual size: 8KB