a542c1209886c9exeexeexeex[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a542c1209886c9exeexeexeex.exe
Size

179KB
MD5

a542c1209886c9751a51f7266934f386
SHA1

dfa04160a21b061e1c28d57a3195d65dc94a8e76
SHA256

e63067986126c56eedd55b0bde4121d68b047c7919ecd23d96eae402b8dd4d70
SHA512

1dea9ef9b0e6be3c5a1a5080c9281581e888bf107efa30c4bca7b4562d317a78316faa75a5a21a1bc79be6876d99e3a3ac7a50ac8d3aa5a777a2c7391ab422a7
SSDEEP

3072:by2jabqv/3+5PdGhIcGgDXBpbsiK3QyxxzcdbgDHx5RKGfBHJviqaztj4R+R7:by8ab+/+5odGmBpbU3QKY8Hx5UetJKk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a542c1209886c9exeexeexeex.exe

Files

a542c1209886c9exeexeexeex.exe
.exe windows x86

1421bc626eff9500258f48dfb36dccf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptBinaryToStringA
CryptStringToBinaryA
CryptDecodeObjectEx

shlwapi

StrStrIW
PathSkipRootW
StrCpyNW
StrStrA
StrCmpNA
PathMatchSpecW
StrPBrkA
StrSpnA
StrToInt64ExA
StrToIntA
PathCombineW
PathFindFileNameW
StrChrA
StrCmpNIA
PathFindFileNameA
StrChrW
StrCmpNIW
StrCmpNW

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

ws2_32

sendto
htons
closesocket
inet_ntoa
gethostbyname
inet_addr
htonl
socket
shutdown
WSAStartup

kernel32

RtlUnwind
lstrcmpiA
GetCommandLineW
CreateMutexW
SetErrorMode
GetCurrentProcess
ExitProcess
GetCurrentThread
WaitForMultipleObjects
TerminateProcess
GetModuleFileNameW
GetCurrentThreadId
SetThreadPriority
GetTempPathW
GetLastError
OutputDebugStringA
SetProcessShutdownParameters
IsBadStringPtrA
SetFilePointer
lstrlenA
LocalFree
UnmapViewOfFile
CreateFileMappingW
IsBadWritePtr
IsBadReadPtr
IsBadStringPtrW
lstrcpyA
PeekNamedPipe
SystemTimeToFileTime
MoveFileExW
SetFileTime
lstrlenW
CreateFileW
CreateProcessA
GetSystemDirectoryA
GetLocalTime
CreatePipe
GetTickCount
ReadFile
FileTimeToSystemTime
OpenEventW
GetFileAttributesW
GetProcAddress
FlushFileBuffers
GetModuleHandleW
TlsAlloc
MulDiv
CreateThread
lstrcpyW
FileTimeToLocalFileTime
DeleteCriticalSection
GetFileTime
GetFileSizeEx
CreateEventW
EnterCriticalSection
MapViewOfFile
SearchPathW
GetTempFileNameW
FindFirstFileW
GetNativeSystemInfo
GetDriveTypeW
GetLogicalDrives
VirtualFree
VirtualAlloc
FindClose
QueryDosDeviceW
GetTimeFormatW
lstrcatW
FindNextFileW
SetFileAttributesW
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
HeapValidate
SetLastError
GetProcessHeaps
HeapSetInformation
GetCurrentProcessId
CreateDirectoryW
GetComputerNameA
LeaveCriticalSection
Sleep
InitializeCriticalSection
WriteFile
MoveFileW
OutputDebugStringW
SetEvent
lstrcpynW
WaitForSingleObject
lstrcpynA
OpenProcess
SetFilePointerEx
MultiByteToWideChar
GetVersionExW
GetFileSize
WideCharToMultiByte
GetDateFormatW
GetHandleInformation
CloseHandle
CreateToolhelp32Snapshot
VirtualProtect
GetModuleHandleA
lstrcmpiW
Process32FirstW
Process32NextW
GetSystemInfo

user32

wsprintfW
GetForegroundWindow
DispatchMessageW
DefWindowProcW
RegisterClassExW
UnregisterClassW
RegisterClassW
CreateWindowExW
FillRect
DrawTextA
GetDC
SystemParametersInfoW
PeekMessageW
GetKeyboardLayoutList
GetSystemMetrics
CharLowerBuffA
TranslateMessage
wsprintfA
ReleaseDC

advapi32

CryptAcquireContextW
CryptGetKeyParam
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
CreateWellKnownSid
CheckTokenMembership
DuplicateToken
CryptGenRandom
CryptReleaseContext
AdjustTokenPrivileges
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
GetTokenInformation
RegOpenKeyW
OpenProcessToken
RegOpenKeyExW
RegCloseKey
CryptDestroyKey

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CoInitialize

shell32

SHChangeNotify
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW

gdi32

SetTextColor
DeleteDC
GetDeviceCaps
GetDIBits
SetBkColor
SetPixel
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
GetObjectW
GetStockObject

ntdll

memcpy
isspace
RtlDosPathNameToNtPathName_U
NtDeleteFile
RtlFreeUnicodeString
tolower
memmove
ZwOpenProcess
_allmul
_alldiv
ZwQuerySystemInformation
memset
_aulldvrm
NtQueryVirtualMemory

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1421bc626eff9500258f48dfb36dccf4

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

shlwapi

mpr

ws2_32

kernel32

user32

advapi32

ole32

shell32

gdi32

ntdll

version

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 105KB - Virtual size: 108KB

.CRT Size: 512B - Virtual size: 12B

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 105KB - Virtual size: 108KB

.CRT
Size: 512B - Virtual size: 12B