ENCRYPT_C_VISIBLEENTRY[.]exe[.]bin | Triage

Sharing

General

Target

ENCRYPT_C_VISIBLEENTRY.exe.bin
Size

391KB
MD5

4be7c8cdc4eb344bc3bce1e9d2bf4b6d
SHA1

5c18b5a920917420dfba267853769ce0e11ef57f
SHA256

6aabcc25ae4ca7804b2f70fdf4b9fd17ca8cfd70bb0c9903a8d537570ebb9405
SHA512

46492322b2392ab8ce9bde3f8ad62bd95e62de1d8c0a0c284ef58334a2e3e7a38ad193c2f69a0f6a5d769d12f6bc9fe815cb9699aa256dd474836c8d8bd7395c
SSDEEP

12288:SUyh8ETAbg65kkZ7oZXu6PWHzXzroCvczjCo:3dDbgerajCo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ENCRYPT_C_VISIBLEENTRY.exe.bin

Files

ENCRYPT_C_VISIBLEENTRY.exe.bin
.exe windows:6 windows x86 arch:x86

f3e838ee31b285ae737d3c8fdc09fd2f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
CreateFileA
CloseHandle
GetLastError
HeapCreate
ConvertThreadToFiber
CreateFiber
DeleteFiber
SwitchToFiber
CreateActCtxA
ActivateActCtx
CreateThread
ResumeThread
OpenThread
WaitForSingleObject
GetFileInformationByHandle
VirtualAlloc
GetCurrentProcess
HeapLock

Exports

Exports

CewKUR
KTw434UJ
QzVO354E
VisibleEntry

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ