11ed68d0bd36bc74df66f88cef51b4eb592cd1cba29812fc6c1cf8e99cdc2949[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

11ed68d0bd36bc74df66f88cef51b4eb592cd1cba29812fc6c1cf8e99cdc2949.exe
Size

152KB
MD5

6bfe7638a02706a837381106503c3f60
SHA1

63a639d4328dab44e3bfab3abf48606404497897
SHA256

11ed68d0bd36bc74df66f88cef51b4eb592cd1cba29812fc6c1cf8e99cdc2949
SHA512

5ee31f2a980775808871f35550389bb2328a4c29703c8ae8ef770dd5f10d0b5e8c3b3596d78942894eaf22813c2ba9fb895aa7e9fcea003a7e8346de6cea64c0
SSDEEP

3072:zFVBWnVbfnVbftqNoQsR2I7IRP+tKAdNcGrV3J:zFVcnVbfRAVCIkx73J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11ed68d0bd36bc74df66f88cef51b4eb592cd1cba29812fc6c1cf8e99cdc2949.exe

Files

11ed68d0bd36bc74df66f88cef51b4eb592cd1cba29812fc6c1cf8e99cdc2949.exe
.exe windows:4 windows x86 arch:x86

be31827983f79646c191e6a9012a4de3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
GetExitCodeProcess
OpenProcess
GetPrivateProfileIntA
GetPrivateProfileStringA
InitializeCriticalSection
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventA
GetWindowsDirectoryA
SuspendThread
DuplicateHandle
GetCurrentThread
GetCurrentProcess
ResumeThread
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
Sleep
GetModuleFileNameA
WaitForSingleObject
ResetEvent
GetCurrentProcessId
SetEvent
ReleaseMutex
CloseHandle
GetLastError
FormatMessageA
GetTickCount
LocalFree
RtlUnwind
ExitProcess
TerminateProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
MoveFileA
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
HeapReAlloc
HeapAlloc
HeapSize
TlsAlloc
SetLastError
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
CreateFileA
MultiByteToWideChar
GetCPInfo
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
GetProcAddress
LoadLibraryA
SetEndOfFile
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
DeleteFileA
WriteConsoleA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerA
ControlService
DeleteService
OpenServiceA
QueryServiceStatus
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceA
StartServiceCtrlDispatcherA
SetServiceStatus

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

be31827983f79646c191e6a9012a4de3

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 12KB - Virtual size: 11KB

.rmnet Size: 56KB - Virtual size: 56KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 12KB - Virtual size: 11KB

.rmnet
Size: 56KB - Virtual size: 56KB