distributive095[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

distributive095.exe
Size

6.8MB
MD5

5a2548ee26c5b3613a8096befe770a0f
SHA1

04c62c2fe5fb17af23f7e70e401999213f8d7c0d
SHA256

be23d93128af34f8a0c84faeb605c524906d7d0f1f88ee3c3e50e2419819042b
SHA512

bdfa32197e5319be3c567c404f874689b7d55766aadf18d3ce3b77fc4bc9a97c0eaf3fc46723ef00b5cae4fbe3c73688d23c2bd2dc198f0ef364a38ae8ed9d27
SSDEEP

196608:sWtV7YeiolI0wtfX+wZIX2frbwMXmbwnsbMi3oqLNkE:r7YtolIl5XmskQmEns4i3nLNkE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
distributive095.exe

Files

distributive095.exe
.exe windows x86

ce1caa42157340f3d78c9dc597bc1009

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
WaitForSingleObject
CreateEventA
HeapAlloc
HeapFree
GetProcessHeap
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
Beep
GetModuleHandleA
GetProcAddress
IsBadReadPtr
WriteConsoleW
CreateFileW
HeapSize
SetStdHandle
FreeLibrary
LoadLibraryA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
QueryPerformanceFrequency
Sleep
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeCriticalSectionEx
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
RaiseException
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
LCMapStringW
SetEndOfFile
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

LoadIconA
LoadCursorA
CreateWindowExA
DefWindowProcA
RegisterClassA
CharUpperBuffW

gdi32

CreateSolidBrush

shell32

ShellExecuteA

ws2_32

setsockopt
send
select
recv
ntohs
socket
getsockname
getpeername
ioctlsocket
connect
closesocket
__WSAFDIsSet
WSAStartup
WSACleanup
shutdown
WSAGetLastError
WSASocketW
getaddrinfo
getnameinfo
freeaddrinfo
getsockopt

Sections

.text
Size: - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IeQ
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.f'x
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.~kF
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce1caa42157340f3d78c9dc597bc1009

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ws2_32

Sections

.text Size: - Virtual size: 361KB

.rdata Size: - Virtual size: 87KB

.data Size: 13KB - Virtual size: 17KB

.IeQ Size: - Virtual size: 3.3MB

.f'x Size: 1KB - Virtual size: 1KB

.~kF Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 517KB - Virtual size: 517KB

.text
Size: - Virtual size: 361KB

.rdata
Size: - Virtual size: 87KB

.data
Size: 13KB - Virtual size: 17KB

.IeQ
Size: - Virtual size: 3.3MB

.f'x
Size: 1KB - Virtual size: 1KB

.~kF
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 517KB - Virtual size: 517KB