n[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

n.exe
Size

88KB
MD5

8f8b56a03ab72eb26d4b515176699ce9
SHA1

9a42c31c480bf62b813ea00a26f63d5d92c7d0ea
SHA256

585773958541b6ffe016a2d583ebcaddd6feea3557eee2ef62f64bb829cf9a82
SHA512

d6b04c2dee766b9e4e39ca747d757da525d785133d4a90e48604e64919e6473263eb829a5e1a54b0b7c7a8de5fa7e4d343a95a3a36fd98ecc3d424233e17e832
SSDEEP

1536:XHFuOWmK0PmQuw02VTZhRH7wdtKUJMpU02hlbw0npMmexQEK:3FuOFK0PmuxZhB7wdtZLk2pMmexQEK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
n.exe

Files

n.exe
.exe windows:4 windows x86

765c7504454b676a27570933141768d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_mbsnbicmp
wcschr
wcsncmp
_mbschr
_purecall
__p__fmode
__set_app_type
_controlfp
_except_handler3
_strlwr
_strnicmp
_memicmp
malloc
strrchr
_snprintf
free
_strcmpi
strchr
strtoul
??2@YAPAXI@Z
??3@YAXPAX@Z
_mbscmp
_mbsicmp
_itoa
strncat
sprintf
memcpy
memset
_CIlog

comctl32

ImageList_Create
ImageList_SetImageCount
CreateToolbarEx
ord6
ImageList_AddMasked
ord17
ImageList_ReplaceIcon

kernel32

ResumeThread
WriteProcessMemory
VirtualFreeEx
Process32Next
Process32First
VirtualAllocEx
WaitForSingleObject
CreateRemoteThread
EnumResourceTypesA
SizeofResource
LocalAlloc
GetStartupInfoA
GlobalUnlock
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
CloseHandle
FileTimeToLocalFileTime
CompareFileTime
FileTimeToSystemTime
GetTimeFormatA
FindResourceA
FindNextFileA
GetModuleHandleA
FindFirstFileA
LoadLibraryExA
GetLastError
GetFileAttributesA
FormatMessageA
LoadResource
GetTempFileNameA
GetWindowsDirectoryA
FindClose
GetDateFormatA
WriteFile
ReadFile
GetVersionExA
GetSystemDirectoryA
GetTempPathA
LockResource
GlobalAlloc
LocalFree
MultiByteToWideChar
GlobalLock
CreateFileA
GetFileSize
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
EnumResourceNamesA
DeleteFileA
GetCurrentProcessId
ExitProcess
GetCurrentProcess
ReadProcessMemory
OpenProcess
CreateToolhelp32Snapshot

user32

BeginDeferWindowPos
SetCursor
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
LoadCursorA
MessageBoxA
CreateWindowExA
PostQuitMessage
SetDlgItemInt
GetClientRect
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItemTextA
GetWindowRect
SetWindowTextA
GetDlgItemInt
GetSystemMetrics
DeferWindowPos
EndDialog
GetDlgItem
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
LoadIconA
LoadImageA
GetWindowLongA
SetWindowLongA
SetFocus
GetMenuItemCount
GetMenuStringA
SetClipboardData
EnableWindow
MapWindowPoints
GetCursorPos
GetSysColor
GetClassNameA
CloseClipboard
OpenClipboard
GetMenu
MoveWindow
EmptyClipboard
GetSubMenu
GetDC
EnableMenuItem
ReleaseDC
CheckMenuItem
DialogBoxParamA
DestroyWindow
GetDlgCtrlID
DestroyMenu
EnumChildWindows
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
GetParent
LoadStringA
CreateDialogParamA
ModifyMenuA
TranslateMessage
IsDialogMessageA
DispatchMessageA
GetMessageA
DrawTextExA
RegisterWindowMessageA
GetFocus
EndDeferWindowPos
TrackPopupMenu
InvalidateRect

gdi32

GetTextExtentPoint32A
SetBkColor
GetStockObject
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

comdlg32

FindTextA
GetSaveFileNameA

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
RegDeleteValueA
OpenProcessToken

shell32

SHGetMalloc
SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

765c7504454b676a27570933141768d9

Headers

File Characteristics

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 47KB

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 47KB

.rsrc
Size: 17KB - Virtual size: 17KB