Static task: static1
Behavioral task: behavioral1
  Sample: Exploit.Win32.Nekto.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Exploit.Win32.Nekto.exe
  Resource: win10v2004-20230221-en
General
Target: Exploit.Win32.Nekto.aap-44c5a19431d1db95428286af5b3400c3fe10c58fd0b06d8a89e1734c650ce023
Size: 103KB
MD5: 46c776dbc38470e0f20c6a5da72d6506
SHA1: 90288fbe99582fbff5e81ddb55f3537f999a37f7
SHA256: 44c5a19431d1db95428286af5b3400c3fe10c58fd0b06d8a89e1734c650ce023
SHA512: 104143cdca81d6548bc7f60e1448ba04e7dc4fba2f7b12e76fb4acad930fa09e6dd49dde93e686ebacd40dce81946f59402996a35255ddf2704023da348112e4
SSDEEP: 1536:r1Xfc+CSQMt0zke1jMnmKB7tSQQMfvPrDUALuVKll6FB0u4IzhN6cdw/96:e+Fvt0zke1omgxzfvPveKH6IuZzh7
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: Exploit.Win32.Nekto.aap-44c5a19431d1db95428286af5b3400c3fe10c58fd0b06d8a89e1734c650ce023
Files
Exploit.Win32.Nekto.aap-44c5a19431d1db95428286af5b3400c3fe10c58fd0b06d8a89e1734c650ce023.exe windows x86
e31425b9e75ea19c429cd8e330ae5740
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFileInfoA
SHSetLocalizedName
SHBrowseForFolderW
SHGetDataFromIDListW
ExtractIconW
Shell_NotifyIconA
SHGetInstanceExplorer
FindExecutableA
ShellMessageBoxW
SHGetDesktopFolder
SHCreateDirectoryExW
ShellAboutA
ExtractIconExA
SHGetSpecialFolderPathA
SHGetFolderPathW
SHOpenFolderAndSelectItems
SHFileOperationA
uxtheme
OpenThemeData
IsAppThemed
GetWindowTheme
GetThemeSysSize
GetThemeInt
GetCurrentThemeName
IsThemeActive
CloseThemeData
DrawThemeEdge
GetThemeSysColor
DrawThemeBackground
GetThemeBool
SetWindowTheme
comsvcs
CoEnterServiceDomain
CoCreateActivity
odbctrac
TraceSQLConnect
TraceSQLBindCol
esent
JetBeginTransaction
JetCloseFile
JetCommitTransaction
JetCloseDatabase
crypt32
CertOpenSystemStoreA
CertControlStore
CertSetStoreProperty
CertAddStoreToCollection
CertDuplicateStore
CertGetStoreProperty
CryptUnprotectData
CryptSignMessage
CryptDecodeMessage
CryptMsgClose
shlwapi
UrlUnescapeA
UrlIsNoHistoryA
UrlEscapeA
UrlCreateFromPathA
PathIsRootA
PathCombineA
PathCommonPrefixA
UrlCanonicalizeW
UrlHashA
UrlCombineA
UrlIsA
UrlCompareA
UrlGetPartA
kernel32
HeapReAlloc
EnumResourceNamesA
GetFileAttributesA
GetProcAddress
WriteProfileStringW
GetDateFormatA
WaitForSingleObject
RemoveDirectoryA
CloseHandle
GetEnvironmentVariableA
GetBinaryTypeA
GetDiskFreeSpaceA
OpenJobObjectA
OpenEventW
OpenMutexA
GetModuleHandleA
GetSystemDirectoryA
DeleteFileW
GetStdHandle
Sections
.text Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 688B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
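The "Unsigned PE" signature and the header fields in this report can be reproduced from the file bytes with the Python standard library. What follows is an added example, not part of the sandbox report and not code from the sample; the image it parses is a header-only stand-in constructed in memory with the same File Characteristics, DLL Characteristics and section flags as listed above (the analysed binary itself is not on this page). The check behind the signature is data directory 4 (Security): a zero size means no embedded Authenticode blob. That does not rule out catalog signing, so treat it as one weak indicator. Two further facts the flags imply but the report does not state: IMAGE_FILE_RELOCS_STRIPPED together with the absence of IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE means the image always loads at its fixed base (no ASLR), and the absence of IMAGE_DLLCHARACTERISTICS_NX_COMPAT means a 32-bit process of this image runs without DEP under the default OptIn policy. The `build_pe`, `parse_pe` and `summarize` names are this example's own.

```python
"""Added example (not from the report or the sample): decode the PE header
fields a sandbox lists and apply the "Unsigned PE" check with the stdlib only.
The image parsed below is constructed in memory from the reported flag values;
it is a header-only stand-in, not the analysed binary."""
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED", 0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", 0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY", 0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH", 0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
MACHINES = {0x14C: "x86", 0x8664: "x64"}
DIR_SECURITY = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode WIN_CERTIFICATE blob


def _names(value, table):
    """Flag names for the set bits, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return the header facts a triage report shows, from raw file bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe_off + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10B PE32, 0x20B PE32+
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both formats
    ndirs_off = 92 if magic == 0x10B else 108
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_size = 0
    if ndirs > DIR_SECURITY:
        # The Security entry holds a file offset (not an RVA) and the certificate size.
        _, sec_size = struct.unpack_from("<II", data, opt + ndirs_off + 4 + 8 * DIR_SECURITY)
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        name, vsize, _, rawsize, _, _, _, _, _, sflags = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append((name.rstrip(b"\0").decode(), rawsize, vsize, _names(sflags, SECTION_FLAGS)))
    return {
        "arch": MACHINES.get(machine, hex(machine)),
        "file_characteristics": _names(chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _names(dll_chars, DLL_CHARACTERISTICS),
        "has_authenticode": sec_size != 0,
        # ASLR needs relocations plus the DYNAMIC_BASE opt-in; DEP opt-in is NX_COMPAT.
        "aslr": bool(dll_chars & 0x0040) and not (chars & 0x0001),
        "nx_compat": bool(dll_chars & 0x0100),
        "sections": sections,
    }


def build_pe(file_chars, dll_chars, sections, security_size=0, magic=0x10B):
    """Constructed header-only PE32/PE32+ image, just enough for parse_pe."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    opt_size = 224 if magic == 0x10B else 240
    coff = struct.pack("<HHIIIHH", 0x14C if magic == 0x10B else 0x8664,
                       len(sections), 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    ndirs_off = 92 if magic == 0x10B else 108
    struct.pack_into("<I", opt, ndirs_off, 16)                 # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, ndirs_off + 4 + 8 * DIR_SECURITY,
                     0x1000 if security_size else 0, security_size)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0x1000 * (i + 1), rs, 0, 0, 0, 0, 0, f)
        for i, (n, rs, vs, f) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


# Constructed stand-in with the reported values: Characteristics 0x010F,
# DllCharacteristics 0x8000 (TERMINAL_SERVER_AWARE only), three sections and
# no Security directory. Sizes are the raw/virtual figures from the report.
SAMPLE = build_pe(0x010F, 0x8000, [
    (".text", 98 * 1024, 97 * 1024, 0x60000020),   # CODE | EXECUTE | READ
    (".data", 3 * 1024, 2 * 1024, 0xC0000040),     # INITIALIZED_DATA | READ | WRITE
    (".rsrc", 1024, 688, 0x40000040),              # INITIALIZED_DATA | READ
])


def summarize(data):
    """Lines in the style of the report's Signatures block, plus the mitigations."""
    info = parse_pe(data)
    out = ["Unsigned PE: " + ("has" if info["has_authenticode"] else "no")
           + " embedded Authenticode signature (catalog signing not checked)",
           "ASLR: " + ("yes" if info["aslr"] else "no (fixed image base)"),
           "DEP opt-in (NX_COMPAT): " + ("yes" if info["nx_compat"] else "no")]
    for name, raw, virt, flags in info["sections"]:
        out.append(f"{name} raw={raw} virt={virt} {' '.join(flags)}")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

Run `parse_pe` over the real file's bytes to compare against the report; the sizes the sandbox prints are the raw and virtual sizes from the same section headers read here. The PE32+ branch exists so the same check works on x64 samples, where the data directories start 16 bytes later.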