935ae3e305133eexeexeexeex[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

935ae3e305133eexeexeexeex.exe
Size

1.7MB
MD5

935ae3e305133e23e65d8aa88f577832
SHA1

d053a597e37ff83ce7cc92e0d338fcfd6c0ffa7f
SHA256

3345b1fd0b574ae7f611699efdc25f06fc9d534f1938bc1bfa2443acd2de4d25
SHA512

5d3e17502f1ef55eab6cc972cfbc697b1f3ee97073a45901ceee0da3c1001e18580102efa93952fcfdadf779305876d23efd718b9a193ecb8774ae8d2c669502
SSDEEP

24576:M5lnTXtv8dotUtsqjnhMgeiCl7G0nehbGZpbD:MXRv8StoDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
935ae3e305133eexeexeexeex.exe

Files

935ae3e305133eexeexeexeex.exe
.exe windows x86

6400d462f148b269fef2bb4aae32d8a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathIsFileSpecW

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules
GetModuleBaseNameW

kernel32

SearchPathW
FormatMessageW
LocalFree
CreateMutexW
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
ReleaseMutex
UnmapViewOfFile
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
GetLocaleInfoW
GetUserDefaultUILanguage
CreateDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetEnvironmentVariableW
GetPrivateProfileStringW
GetPrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStringA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
HeapSetInformation
GetStartupInfoW
HeapFree
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetModuleHandleW
ExitProcess
IsProcessorFeaturePresent
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
GetLongPathNameW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
GetTempFileNameW
GetCommandLineW
GetFileAttributesExW
OpenProcess
GetCurrentThreadId
GetLastError
OutputDebugStringW
CloseHandle
SetLastError
QueryPerformanceCounter
GetModuleFileNameW
WriteFile
SetFilePointer
Sleep
CreateFileW
GetTickCount
ExpandEnvironmentStringsW
ExitThread
VerifyVersionInfoW
SetFileAttributesW
CopyFileW
MoveFileExW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
GetCurrentProcessId
InitializeCriticalSection
GetVersionExW
CreateProcessW
GetTempPathW
GetDiskFreeSpaceExW
CreateThread
GetExitCodeThread
GetExitCodeProcess
TerminateThread
CreateEventW
OpenEventW
ResetEvent
SetEvent
GetLocalTime
GetSystemTime
OpenMutexW
GetShortPathNameW
GetFileSizeEx
PeekNamedPipe
TryEnterCriticalSection
WaitForMultipleObjects
CreatePipe
GlobalMemoryStatusEx
OpenFileMappingW
FlushViewOfFile
GetSystemDefaultLCID
GetSystemDefaultUILanguage
DeleteFileW
GetComputerNameExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetUserDefaultLangID
LocalAlloc
GlobalAlloc
ProcessIdToSessionId
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetFileTime
DeviceIoControl
GetSystemDirectoryW

user32

DestroyIcon
RegisterWindowMessageW
SetTimer
GetMessageW
SendMessageCallbackW
GetKeyState
CloseDesktop
OpenDesktopW
LoadIconW
GetThreadDesktop
SetProcessWindowStation
GetProcessWindowStation
CloseWindowStation
OpenWindowStationW
GetAsyncKeyState
WaitForInputIdle
MsgWaitForMultipleObjectsEx
GetSystemMetrics
SystemParametersInfoW
MsgWaitForMultipleObjects
PeekMessageW
AllowSetForegroundWindow
SetThreadDesktop
ExitWindowsEx

advapi32

RegCreateKeyExW
CheckTokenMembership
OpenSCManagerW
OpenServiceW
GetUserNameW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
QueryServiceConfigW
ChangeServiceConfigW
CreateProcessAsUserW
AllocateAndInitializeSid
FreeSid
OpenEventLogW
CloseEventLog
BackupEventLogW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
OpenProcessToken

shell32

CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
ExtractIconW

ole32

CoUninitialize
CoCreateInstance
CLSIDFromString
CoInitialize

oleaut32

SysFreeString
SysAllocString

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

secur32

GetUserNameExW

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6400d462f148b269fef2bb4aae32d8a7

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

secur32

Sections

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 1.5MB - Virtual size: 1.5MB