326283-34frgegrgexe[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

326283-34frgegrgexe.exe
Size

307KB
MD5

a9a6d0f6e1266dafd869ce61daedf2a6
SHA1

caf22ef1d06ca587e3705bbebb4305accb51c100
SHA256

d511ea53f500da9e831ba3393914619555dbe05d2c5719a2f4c23742ca74c816
SHA512

85a6f8ac6ab8b832d5bb8e4804b749bd5e78736f9cdee9916085474b73107a2a015fd6aff72b2b551a120bb9a32038ecde8008007307637c0d5d003d53d2a104
SSDEEP

6144:L4I/z1O3VmuWC2qtvftovsNbNY7P8CatjPoO/c:5/RO3wuWCDFokNReZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
326283-34frgegrgexe.exe

Files

326283-34frgegrgexe.exe
.exe windows x86

d1c1cb151aead525fe0c61b5fb472992

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
HeapSize
VirtualAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleHandleA
VirtualFree
FlushFileBuffers
ReadFile
LocalFree
FileTimeToLocalFileTime
FindNextFileW
CloseHandle
QueryPerformanceFrequency
HeapReAlloc
GetSystemInfo
SetConsoleWindowInfo
LocalAlloc
LoadLibraryA
GetProcAddress
GetLastError
GetStdHandle
ReleaseSemaphore
MultiByteToWideChar
FileTimeToSystemTime
GetConsoleWindow
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameA
InterlockedDecrement
CreateFileA
Sleep
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
OpenProcess
WriteFile
ExpandEnvironmentStringsA
GetProcessHeap
OpenSemaphoreA
SetConsoleScreenBufferSize
HeapFree
QueryPerformanceCounter
GetCurrentProcess
HeapAlloc
GetTickCount
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess

user32

SetCapture
ReleaseDC
GetWindowLongA
SetWindowLongA
RegisterClassA
DialogBoxParamA
LoadCursorA
SetMenuItemInfoA
DestroyMenu
LoadImageA
GetSystemMetrics
ReleaseCapture
IsWindow
EnumDesktopsA
GetSysColorBrush
GetMenuItemInfoA
SetWindowPos
GetDesktopWindow
EndDialog
EndPaint
SetWindowRgn
GetWindowRect
PostQuitMessage
SendDlgItemMessageA
GetWindowDC
GetDC
LoadIconA
wsprintfA
GetClientRect
BeginPaint
PtInRect
GetDlgItem

gdi32

GetDIBits
BitBlt
DeleteDC
CreateHalftonePalette
DeleteObject
SelectObject
GetPaletteEntries
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap

advapi32

SetEntriesInAclA
CryptEnumProviderTypesA
GetTokenInformation
AccessCheck
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
GetLengthSid

ole32

CoInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
SysAllocStringLen

wininet

InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA

psapi

GetModuleBaseNameA
EnumProcessModules
GetModuleFileNameExA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

StrFormatByteSizeA

comctl32

ImageList_Destroy
ord17
ImageList_DragEnter
ImageList_DragLeave
ImageList_BeginDrag
ImageList_DragMove
ImageList_EndDrag
ImageList_ReplaceIcon
ImageList_Create
ImageList_Draw

pdh

PdhOpenQueryA
PdhOpenLogA
PdhCloseQuery
PdhCloseLog

rasapi32

RasValidateEntryNameA

rasdlg

RasDialDlgA

ntdsapi

DsReplicaGetInfoW

tapi32

lineGetLineDevStatus

comsvcs

CoCreateActivity

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1c1cb151aead525fe0c61b5fb472992

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wininet

psapi

version

shlwapi

comctl32

pdh

rasapi32

rasdlg

ntdsapi

tapi32

comsvcs

Sections

.text Size: 173KB - Virtual size: 173KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 4KB - Virtual size: 11KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 91KB - Virtual size: 91KB

.text
Size: 173KB - Virtual size: 173KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 4KB - Virtual size: 11KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 91KB - Virtual size: 91KB