2c3fb397546974exeexeexeex[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2c3fb397546974exeexeexeex.exe
Size

1.4MB
MD5

2c3fb3975469743468656746e1802cb8
SHA1

b8bce6296ab88dc7070554faf0389b6460db6211
SHA256

a4e66b7601373b0a51f354e19dd5a636558c38d21036c6f35d657b0af40ad917
SHA512

3effcef3be9f34896205685ff2e84c4253b530e992c458ee7ec3857b5c35741c557a1d9011648acfe1087d63ac13c9480b64b1e2ed6101b54dbc315345144327
SSDEEP

24576:n6HV4nptbfxtwFnrBx34j+oEcarFeEsXyt5420inRduli9lmwMzRmlbBW8sRPEbN:n6HSptzUbx3ajPkL0URduliOwMzoFBUS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c3fb397546974exeexeexeex.exe

Files

2c3fb397546974exeexeexeex.exe
.exe windows x86

fbdaecdd3bbdbaa2697e5dd18c4672aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceExW
UnmapViewOfFile
CloseHandle
WaitForSingleObject
CancelIo
GetOverlappedResult
GetFileSize
OpenMutexW
OpenFileMappingW
ReleaseMutex
CreateMutexW
MapViewOfFile
GetLastError
CreateFileMappingW
LoadLibraryW
GetSystemDefaultLangID
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
Sleep
FreeResource
SetLastError
QueryPerformanceCounter
ExpandEnvironmentStringsW
GetCurrentProcessId
MultiByteToWideChar
GetTickCount
CreateFileW
SetFilePointer
WriteFile
OutputDebugStringW
GetCurrentThreadId
OpenProcess
GetFileAttributesExW
GetCommandLineW
GetTempFileNameW
GetLongPathNameW
SearchPathW
FormatMessageW
LocalFree
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
GetVersionExW
CreateProcessW
GetTempPathW
GetDiskFreeSpaceExW
CreateThread
GetExitCodeThread
GetExitCodeProcess
GetCurrentProcess
TerminateThread
CreateEventW
OpenEventW
ResetEvent
SetEvent
GetLocalTime
GetSystemTime
GetFileAttributesW
CreateDirectoryW
GetShortPathNameW
GetFileSizeEx
PeekNamedPipe
LockResource
TryEnterCriticalSection
WaitForMultipleObjects
CreatePipe
GetStartupInfoW
GlobalMemoryStatusEx
FlushViewOfFile
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultLCID
GetLocaleInfoW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
WideCharToMultiByte
GetComputerNameExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetUserDefaultLangID
LocalAlloc
GlobalAlloc
ProcessIdToSessionId
GlobalLock
GlobalUnlock
GlobalFree
GetFileTime
DeviceIoControl
GetSystemDirectoryW
MoveFileExW
CopyFileW
SetFileAttributesW
GetFullPathNameW
RemoveDirectoryW
GetUserDefaultUILanguage
GetPrivateProfileStringW
GetPrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStringA
CreateSemaphoreW
ReleaseSemaphore
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
HeapAlloc
GetProcessHeap
HeapFree
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
HeapSetInformation
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
ExitThread
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
GetConsoleCP
GetConsoleMode
ReadFile
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
SizeofResource
LoadResource
GetEnvironmentVariableW
FindResourceW

user32

GetMessageW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
GetAsyncKeyState
WaitForInputIdle
MsgWaitForMultipleObjectsEx
GetLastActivePopup
IsWindowVisible
ShowWindow
SetForegroundWindow
SetTimer
SendMessageCallbackW
GetKeyState
DestroyIcon
LoadIconW
SystemParametersInfoW
GetSystemMetrics
AllowSetForegroundWindow
ExitWindowsEx
CloseDesktop
OpenDesktopW
SetThreadDesktop
RegisterWindowMessageW
GetThreadDesktop
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
CloseWindowStation

oleaut32

GetErrorInfo
SafeArrayLock
SafeArrayCreate
SafeArrayRedim
SafeArrayUnlock
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCopy
SafeArrayGetVartype
DispCallFunc
VariantInit
SysStringLen
VariantCopy
SysAllocString
VariantClear
SysFreeString

shlwapi

PathIsFileSpecW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW

ws2_32

WSAStartup
recv
accept
listen
bind
WSADuplicateSocketW
WSACloseEvent
closesocket
shutdown
WSAEnumNetworkEvents
WSAConnect
WSAEventSelect
WSACreateEvent
setsockopt
WSASocketW
WSACleanup
WSAStringToAddressW
WSAResetEvent
htons
WSAGetLastError
WSAAddressToStringW
freeaddrinfo
getaddrinfo
send

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegCreateKeyExW
RegQueryValueExW
OpenProcessToken
CheckTokenMembership
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
CryptDestroyHash
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptReleaseContext

shell32

CommandLineToArgvW
ExtractIconW
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW

ole32

OleInitialize
CoInitializeEx
CoCreateGuid
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CLSIDFromString
CoCreateInstance
OleUninitialize
CoInitializeSecurity
PropVariantClear
OleRun
CLSIDFromProgID

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoW
CM_Set_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_PropertyW
CMP_WaitNoPendingInstallEvents
SetupCloseInfFile
SetupGetLineTextW
SetupFindFirstLineW
SetupOpenInfFileW
SetupDiCreateDeviceInfoW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
CM_Disable_DevNode
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiRemoveDevice
SetupDiDestroyDriverInfoList
SetupDiBuildDriverInfoList
SetupDiOpenDevRegKey
SetupDiCreateDevRegKeyW
SetupDiOpenClassRegKey
SetupDiCallClassInstaller
SetupDiSetDeviceInstallParamsW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Get_Device_IDW
SetupDiGetDeviceInstallParamsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

crypt32

CryptUnprotectData
CertOpenStore
CertAddEncodedCertificateToStore
CertDeleteCertificateFromStore
CertCloseStore

secur32

GetUserNameExW

winspool.drv

FindFirstPrinterChangeNotification
FindClosePrinterChangeNotification
EndPagePrinter
WritePrinter
DocumentPropertiesW
EndDocPrinter
FindNextPrinterChangeNotification
StartPagePrinter
StartDocPrinterW
EnumPortsW
EnumMonitorsW
DeleteMonitorW
OpenPrinterW
ClosePrinter
AddPrinterW
DeletePrinter
EnumPrintersW
GetPrinterDataExW
SetPrinterDataExW
AddPrinterDriverW
GetPrinterDriverW
XcvDataW
GetPrinterW
DeletePrinterDriverExW
GetPrinterDriverDirectoryW
EnumPrinterDriversW
SetPrinterW
SetJobW
GetJobW
EnumJobsW
ord204
ord203
AddMonitorW

iphlpapi

IpRenewAddress
IpReleaseAddress
GetInterfaceInfo
AddIPAddress
GetAdaptersAddresses
GetAdaptersInfo
DeleteIPAddress
IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle
NotifyAddrChange
GetIfEntry

Sections

.text
Size: 562KB - Virtual size: 562KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 616KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fbdaecdd3bbdbaa2697e5dd18c4672aa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

shlwapi

ws2_32

psapi

advapi32

shell32

ole32

setupapi

version

crypt32

secur32

winspool.drv

iphlpapi

Sections

.text Size: 562KB - Virtual size: 562KB

.rdata Size: 199KB - Virtual size: 198KB

.data Size: 16KB - Virtual size: 37KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 616KB - Virtual size: 620KB

.text
Size: 562KB - Virtual size: 562KB

.rdata
Size: 199KB - Virtual size: 198KB

.data
Size: 16KB - Virtual size: 37KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 616KB - Virtual size: 620KB