9D35A2451909B6BE08A7EA84F91EBC89[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

9D35A2451909B6BE08A7EA84F91EBC89.exe
Size

292KB
MD5

9d35a2451909b6be08a7ea84f91ebc89
SHA1

391d0734a3ecc0caef61a5072ed9d9cb58b9d036
SHA256

8ffee263c3396988a98d96765417481341b340bea2b89143b1e28627aca4a96a
SHA512

343d061b642ad83b08dc47fb4221aeb123ab8d174de24d0dfa9c3f897459a111d686d45c32b2c2d1e9025b1dcc6e52b63b438fe644cae88bb9ae8fc0d7115b1f
SSDEEP

6144:hu367fjFYz8j46XaPQrScv7NqTOD4VQNAOwNT4:huKeutaPQuW4aNOT4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9D35A2451909B6BE08A7EA84F91EBC89.exe

Files

9D35A2451909B6BE08A7EA84F91EBC89.exe
.exe windows x86

48d0db812472e2d0910eff7a4afa8525

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSize
MultiByteToWideChar
GetLastError
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
InitializeCriticalSectionEx
DeleteCriticalSection
GetProcessHeap
ReadConsoleW
SetStdHandle
FreeEnvironmentStringsW
DecodePointer
HeapFree
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetFileSizeEx
EnumSystemLocalesW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
WideCharToMultiByte
FormatMessageW
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
FreeLibrary
LoadLibraryExW
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
SetEnvironmentVariableW
RemoveDirectoryW
DeleteFileW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
IsValidLocale
GetUserDefaultLCID
WriteConsoleW

user32

MessageBoxW

advapi32

RegGetValueA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString

urlmon

URLOpenBlockingStreamW

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48d0db812472e2d0910eff7a4afa8525

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

urlmon

Sections

.text Size: 201KB - Virtual size: 200KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 4KB - Virtual size: 11KB

.gfids Size: 1KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 201KB - Virtual size: 200KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 4KB - Virtual size: 11KB

.gfids
Size: 1KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 11KB - Virtual size: 11KB