Static task: static1
Behavioral task: behavioral1
Sample: Malicious_a19723ebc64f2dba1502721b3a385b90211269eaa8c290f200fbb1d3def23bf9.exe
Resource: win7-20230621-en
Behavioral task: behavioral2
Sample: Malicious_a19723ebc64f2dba1502721b3a385b90211269eaa8c290f200fbb1d3def23bf9.exe
Resource: win10v2004-20230621-en
General
Target: Malicious_a19723ebc64f2dba1502721b3a385b90211269eaa8c290f200fbb1d3def23bf9.exe
Size: 7.9MB
MD5: 118ba9e51183415d0e9b1772f0445456
SHA1: 5bdecf3db4d4552b4e4ddd5fddcbd1345fce7851
SHA256: 1de1ecf159ff6dd4ebee239fbed582eb9cd925f81745b7cd4b9195b982de7e51
SHA512: 735382ed069b32f6e747d633fdb319311f6aed1f0ba51cbe404246eb88d625b338cb58c35d4af33cd8bc5358afde385f39e237550fa595125e9b8cca7470aab6
SSDEEP: 196608:xNvnmgEfichZoZysRXy6d80a5JRMtheLIA0Rdkgf8:x1Efi2o75X+MtheLIA0Rdf8
Malware Config
Signatures
Files
-
Malicious_a19723ebc64f2dba1502721b3a385b90211269eaa8c290f200fbb1d3def23bf9.exe.exe windows x64
398c536005cff23e01893524ba9554ff
Code Sign
Signer: cb:07:e7:10:24:d3:2c:fc:ce:84:1a:c6:e9:78:d4:1a:d6:58:4a:8b:fc:e2:2b:9c:02:f8:86:e7:c5:37:28:d6
Actual PE Digest: cb:07:e7:10:24:d3:2c:fc:ce:84:1a:c6:e9:78:d4:1a:d6:58:4a:8b:fc:e2:2b:9c:02:f8:86:e7:c5:37:28:d6
Digest Algorithm: sha256
PE Digest Matches: false
Signer: 9e:89:5e:c3:cf:92:81:09:63:68:21:73:d2:92:a4:f6:79:8f:28:21
Actual PE Digest: 9e:89:5e:c3:cf:92:81:09:63:68:21:73:d2:92:a4:f6:79:8f:28:21
Digest Algorithm: sha1
PE Digest Matches: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
rpcrt4
UuidToStringA
RpcStringFreeA
setupapi
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
kernel32
lstrcmpiA
CreateMutexA
GetModuleFileNameA
GetModuleHandleW
LocalFree
SetEvent
GetCurrentProcess
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32First
ProcessIdToSessionId
Process32Next
OpenProcess
OpenEventW
CreateThread
GetSystemPowerStatus
CreateDirectoryA
CreateFileA
SetFilePointer
WriteFile
DeleteFileA
ReadFile
CreateProcessA
GetSystemTimes
CreateEventW
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualAlloc
GetModuleFileNameW
GetProcessId
TerminateProcess
LoadLibraryW
CopyFileA
GetFileSize
ResetEvent
SetLastError
VirtualProtect
IsBadReadPtr
VirtualFree
GetNativeSystemInfo
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
GetTempPathA
GetTempFileNameA
RtlVirtualUnwind
GetStdHandle
GetFileType
GetCurrentThreadId
FlushConsoleInputBuffer
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FormatMessageW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
Sleep
GetTickCount
CloseHandle
WaitForSingleObject
GetLastError
FindResourceA
GetModuleHandleA
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
GetVolumeInformationW
MultiByteToWideChar
FindFirstVolumeW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetDriveTypeW
WriteConsoleW
DeleteFileW
RtlUnwindEx
RtlPcToFileHeader
GetFileAttributesExW
GetCurrentDirectoryW
SetEndOfFile
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
VerSetConditionMask
VerifyVersionInfoW
GetFullPathNameW
IsValidLocale
GetConsoleCP
ReadConsoleW
GetACP
GetCommandLineW
GetCommandLineA
SetFilePointerEx
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
GetModuleHandleExW
ExitProcess
GetTempPathW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
InitializeCriticalSection
LocalAlloc
GetSystemDirectoryW
GetFileAttributesW
CreateFileW
LoadLibraryExW
PeekNamedPipe
user32
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW
advapi32
RegCreateKeyA
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CreateProcessAsUserA
DuplicateTokenEx
RegCreateKeyExA
RegDeleteKeyA
ConvertSidToStringSidA
GetTokenInformation
SetServiceObjectSecurity
QueryServiceObjectSecurity
ChangeServiceConfig2A
CloseServiceHandle
OpenServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyA
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidA
ConvertStringSidToSidA
GetSecurityDescriptorDacl
StartServiceCtrlDispatcherA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
shell32
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ole32
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoCreateGuid
oleaut32
VariantClear
SysFreeString
SysAllocString
shlwapi
PathFileExistsA
StrToIntA
PathRemoveExtensionA
PathFindFileNameA
PathAppendA
PathRemoveFileSpecA
SHGetValueA
SHSetValueA
wtsapi32
WTSEnumerateSessionsA
WTSQueryUserToken
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 543KB - Virtual size: 542KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 145KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 66KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 1024B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5.9MB - Virtual size: 5.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ