293a2adf60a94437cc0f92545b7caabdaed0a63007b51e2b3d449cdb1e00f5a8[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

293a2adf60a94437cc0f92545b7caabdaed0a63007b51e2b3d449cdb1e00f5a8.exe
Size

4.2MB
MD5

db0923875dc614be6c88fe00882b996e
SHA1

06f00d6ead7761bc0e15baf7502f1dec877a1dd2
SHA256

293a2adf60a94437cc0f92545b7caabdaed0a63007b51e2b3d449cdb1e00f5a8
SHA512

bcbccd63d9edc458ad426b9410a7b4afd24b17796a9c49bbe26501e33573bbee56490f4b4a113cd8ebee35e44db99bdcd9beb0570bfde562f044d923e6e9c261
SSDEEP

49152:UyX562Rb3ZQ9XQroc0zR5b/TIt8rvDI8CBhSRhYHOWoxGkhZMIGE/FYqNtGyV8J/:ZbR9cXQryezzhXj2ZEE/FYqNtGA86gOs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
293a2adf60a94437cc0f92545b7caabdaed0a63007b51e2b3d449cdb1e00f5a8.exe

Files

293a2adf60a94437cc0f92545b7caabdaed0a63007b51e2b3d449cdb1e00f5a8.exe
.exe windows x86

f28901ec47acb7e7c5bffc87a5118844

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW

kernel32

ReadConsoleInputA
GetSystemTime
SystemTimeToFileTime
FlushConsoleInputBuffer
GlobalMemoryStatus
VirtualFree
SetConsoleMode
VirtualAlloc
LoadLibraryA
GetProcAddress
IsBadStringPtrW
FreeLibrary
ReleaseMutex
CreateMutexA
GetLastError
SetUnhandledExceptionFilter
AllocConsole
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
GetTickCount
GetCurrentProcess
TerminateProcess
ExitProcess
CreateProcessW
OpenProcess
LocalFree
LocalAlloc
GetModuleHandleA
ResumeThread
AssignProcessToJobObject
SetInformationJobObject
CreateIoCompletionPort
CreateJobObjectA
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
GetModuleFileNameA
GetModuleFileNameW
SetEnvironmentVariableA
GetEnvironmentVariableA
WriteFile
CreateFileW
OpenMutexA
SetFilePointer
GetCurrentThreadId
GetNativeSystemInfo
GetVersion
SetEvent
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreA
InitializeCriticalSection
DeleteCriticalSection
CreateEventA
GetDiskFreeSpaceExA
GetQueuedCompletionStatus
GetExitCodeProcess
TerminateThread
CreateThread
GetComputerNameA
GetVolumeInformationA
GetWindowsDirectoryA
WideCharToMultiByte
UnlockFileEx
GetTempPathW
GetShortPathNameW
GetCurrentThread
GetLongPathNameW
GetCurrentDirectoryW
LockFileEx
CreateDirectoryW
GetExitCodeThread
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
GetDriveTypeA
EncodePointer
DecodePointer
MultiByteToWideChar
RaiseException
RtlUnwind
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetModuleHandleW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
HeapFree
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
FindClose
GetDriveTypeW
FindFirstFileExW
SetFileAttributesW
GetFileAttributesW
MoveFileW
RemoveDirectoryW
DeleteFileW
SetEndOfFile
GetProcessHeap
HeapReAlloc
FindFirstFileExA
FindNextFileW
LCMapStringW
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetHandleCount
HeapSize
SetConsoleCtrlHandler
LoadLibraryW
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetTimeZoneInformation
ReadFile
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetFullPathNameW
CreateFileA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
GetFullPathNameA
CompareStringW
WaitForSingleObject
CloseHandle
VerSetConditionMask
VerifyVersionInfoW
FlushFileBuffers
InterlockedExchange

crypt32

CryptQueryObject
CertFreeCertificateContext
CertCloseStore
CertGetNameStringA
CryptMsgGetParam
CertFindCertificateInStore
CryptMsgClose

wsock32

ntohs
getsockname
__WSAFDIsSet
accept
shutdown
select
WSACleanup
WSAStartup
send
WSASetLastError
WSAGetLastError
connect
recv
socket
bind
closesocket
listen
htonl
setsockopt
htons
getservbyname
getsockopt
gethostbyname
inet_ntoa

advapi32

RevertToSelf
OpenProcessToken
GetTokenInformation
CreateProcessAsUserW
AllocateAndInitializeSid
OpenThreadToken
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
FreeSid
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenCurrentUser
RegCreateKeyExW
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
StartServiceA
RegCloseKey
CreateServiceA
ChangeServiceConfig2A
StartServiceCtrlDispatcherA
DeleteService
RegisterServiceCtrlHandlerA
ControlService
QueryServiceStatusEx

user32

EnumWindows
GetForegroundWindow
IsWindowVisible
GetWindowThreadProcessId
IsWindow
GetKeyboardState
keybd_event
SetWindowPos
SetForegroundWindow
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
GetWindowTextA

netapi32

Netbios

ws2_32

getaddrinfo
freeaddrinfo

wintrust

WinVerifyTrust

wininet

InternetCrackUrlA
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f28901ec47acb7e7c5bffc87a5118844

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

crypt32

wsock32

advapi32

user32

netapi32

ws2_32

wintrust

wininet

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 319KB - Virtual size: 318KB

.data Size: 27KB - Virtual size: 49KB

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 90KB - Virtual size: 90KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 319KB - Virtual size: 318KB

.data
Size: 27KB - Virtual size: 49KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 90KB - Virtual size: 90KB