1e567e801406427827e509bf37646d52[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1e567e801406427827e509bf37646d52.exe
Size

424KB
MD5

1e567e801406427827e509bf37646d52
SHA1

726221e2a319c2e6ce28117519239740d79dc04f
SHA256

6c74e50ceaa637126b99063629235109343c9d26a47b5600b8ab0d89d7718b8e
SHA512

ce2e4d5aa6dbe95a4f7729c5467cb6a639542e057c29aa7a0b28dc932d1076d52519739fe16097e69af195f2871b247aa226b6014c53ca633ea18f64483911ca
SSDEEP

12288:+isrem3UQJ50J8HCpiz71c2E1GvGc62e:+isrDo8iM15Gca

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e567e801406427827e509bf37646d52.exe

Files

1e567e801406427827e509bf37646d52.exe
.exe windows:5 windows x86 arch:x86

4efe32be66a497a3e88c810e40cbd989

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

ungetc
_isatty
_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
wcstombs
iswctype
ferror
wctomb
_itoa
_snprintf
_iob
localeconv
isleadbyte
__mb_cur_max
mbtowc
isxdigit
isdigit
calloc
_onexit
_lock
__dllonexit
_unlock
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
memmove
wcschr
fopen
srand
fprintf
atof
wcstod
iswspace
towlower
_vsnwprintf
wcsncpy
isalnum
wcspbrk
wcsstr
iswalpha
wcsspn
_wtol
_CIlog10
swscanf
wcsrchr
_wfopen
fclose
fwrite
_strnicmp
_CIpow
_ftol
_CIsqrt
ceil
floor
_vsnprintf
_wtoi
_CxxThrowException
time
??1type_info@@UAE@XZ
__CxxFrameHandler
printf
perror
rand
_wcsnicmp
_itow
_wcsicmp
??_U@YAPAXI@Z
_CIcos
??_V@YAXPAX@Z
memcpy
??2@YAPAXI@Z
realloc
??3@YAXPAX@Z
free
malloc
memset
_wcslwr
_errno
_CIsin

rpcrt4

NdrDllUnregisterProxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
NdrStubForwardingFunction
NdrStubCall2
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate

kernel32

GetTempFileNameW
CreateDirectoryW
WideCharToMultiByte
GetFileSize
WriteFile
GetTempPathW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetLocaleInfoW
MulDiv
LockResource
GetSystemTime
FormatMessageW
CompareStringW
lstrcmpW
GlobalAlloc
GlobalUnlock
GetCurrentThread
GetThreadPriority
LocalAlloc
GetUserDefaultLCID
OutputDebugStringW
ReleaseMutex
CreateMutexW
GetVersionExW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
lstrlenW
lstrcpyW
GetLastError
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
SetEvent
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapFree
GetProcessHeap
CreateEventW
RaiseException
lstrcpynW
GlobalLock
FreeLibrary
GetProcAddress
LoadLibraryW
DisableThreadLibraryCalls
DeleteFileW
lstrlenA
lstrcatW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
WaitForSingleObject
CloseHandle
CreateThread
WaitForSingleObjectEx
SetThreadPriority
ResetEvent
ReadFile
GetFileType
CreateFileW
ResumeThread
Sleep
GetFileSizeEx
WaitForMultipleObjects
SetFileAttributesW
CopyFileExW
MoveFileExW
LocalFree
ReleaseSemaphore
CreateSemaphoreW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
TerminateThread
HeapAlloc
LoadLibraryA
VirtualFree
InterlockedExchange
InterlockedCompareExchange
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion
GetModuleHandleA
GetModuleHandleW
GetVersionExA
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
GlobalHandle
GlobalFree
FreeResource
SignalObjectAndWait
InterlockedExchangeAdd
GetProcessAffinityMask
SetThreadAffinityMask
GetModuleFileNameW

user32

wsprintfW
RegisterClassExW
KillTimer
SetTimer
DestroyWindow
GetMessageW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
PeekMessageW
PostThreadMessageW
PostMessageW
WinHelpW
CharPrevW
SetWindowLongW
LoadCursorW
IsDialogMessageW
MoveWindow
ShowWindow
DestroyIcon
CharNextW
GetWindowLongW
CallWindowProcW
DefWindowProcW
CreateWindowExW
SendDlgItemMessageW
CreateAcceleratorTableW
GetClassInfoExW
GetDesktopWindow
IsRectEmpty
SetRect
LoadStringW
GetWindowTextW
GetWindowTextLengthW
GetDlgItem
FillRect
EndPaint
GetFocus
SetFocus
ReleaseCapture
GetClassNameW
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
GetSysColor
DialogBoxIndirectParamW
GetWindow
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetParent
GetSystemMetrics
DialogBoxParamW
LoadImageW
EnableWindow
IsWindowEnabled
GetWindowRect
SetWindowTextW
EndDialog
GetActiveWindow
CreateDialogParamW
GetDC
GetDialogBaseUnits
ReleaseDC
SetDlgItemTextW
GetDlgItemTextW
SendMessageW
MessageBoxW
RegisterWindowMessageW
IsWindow
BeginPaint

advapi32

RegQueryInfoKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryValueExW
RegOpenKeyExA
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyW

ole32

StgOpenStorage
CoGetTreatAsClass
OleLockRunning
OleUninitialize
OleInitialize
CoInitialize
CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface
CoReleaseMarshalData
IIDFromString
CoCreateGuid
HWND_UserSize
HWND_UserMarshal
HWND_UserUnmarshal
HWND_UserFree
CLSIDFromProgID
CLSIDFromString
StringFromCLSID
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoCreateInstance
ProgIDFromCLSID
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StgCreateDocfile

oleaut32

VariantInit
LoadRegTypeLi
VarUI4FromStr
VariantChangeType
RegisterTypeLi
LoadTypeLi
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
SysStringLen
VariantCopy
VariantClear
SysFreeString
SysAllocString
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayDestroy
SysStringByteLen
SafeArrayPutElement
SafeArrayCreate
GetErrorInfo
OleCreateFontIndirect
OleCreatePropertyFrame
DispCallFunc

winmm

GetDriverModuleHandle
CloseDriver
mixerGetNumDevs
timeGetTime
waveInGetNumDevs
waveInGetDevCapsA
mixerGetID
mixerSetControlDetails
mixerGetDevCapsW
mixerOpen
mixerGetLineInfoW
mixerGetLineControlsW
mixerClose
mixerGetControlDetailsW
OpenDriver

shlwapi

wnsprintfW

crypt32

CryptUnprotectData
CryptProtectData

msdmo

MoDeleteMediaType
MoCreateMediaType
MoInitMediaType
MoCopyMediaType
DMOEnum
MoDuplicateMediaType
MoFreeMediaType

avifil32

AVIStreamRelease
AVIFileRelease
AVIStreamInfoW
AVIStreamReadFormat
AVIFileGetStream
AVIStreamRead
AVIStreamTimeToSample
AVIStreamLength
AVIStreamStart
AVIStreamSampleToTime
AVIFileExit
AVIFileOpenW
AVIFileInit

gdi32

GetSystemPaletteEntries
GetStockObject
GetObjectW
CreateSolidBrush
DeleteObject
GetTextExtentPointW
GetTextMetricsW
SelectObject
CreateFontIndirectW
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 274B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vdata
Size: 512B - Virtual size: 75B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kpack
Size: 512B - Virtual size: 39B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mpack
Size: 512B - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4efe32be66a497a3e88c810e40cbd989

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

winmm

shlwapi

crypt32

msdmo

avifil32

gdi32

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 106KB - Virtual size: 106KB

.data Size: 95KB - Virtual size: 95KB

.xdata Size: 95KB - Virtual size: 95KB

.tls Size: 95KB - Virtual size: 95KB

.pdata Size: 512B - Virtual size: 274B

.vdata Size: 512B - Virtual size: 75B

.kpack Size: 512B - Virtual size: 39B

.mpack Size: 512B - Virtual size: 33B

.CRT Size: 512B - Virtual size: 12B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 512B - Virtual size: 470B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 95KB - Virtual size: 95KB

.xdata
Size: 95KB - Virtual size: 95KB

.tls
Size: 95KB - Virtual size: 95KB

.pdata
Size: 512B - Virtual size: 274B

.vdata
Size: 512B - Virtual size: 75B

.kpack
Size: 512B - Virtual size: 39B

.mpack
Size: 512B - Virtual size: 33B

.CRT
Size: 512B - Virtual size: 12B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 512B - Virtual size: 470B