Static task: static1
Behavioral task: behavioral1
Sample: 15ef28dd5be5acfa85b133f812ac3e4d.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 15ef28dd5be5acfa85b133f812ac3e4d.exe
Resource: win10v2004-20231215-en
General
Target: 15ef28dd5be5acfa85b133f812ac3e4d.exe
Size: 778KB
MD5: 15ef28dd5be5acfa85b133f812ac3e4d
SHA1: ddfdca80b483e2019090d03b5f8343add325c08a
SHA256: bdd751544c3e16ae0d4606061dc703549fdf98bef14160fe13b8a5719b6217f4
SHA512: fcbf351893aff0f625bfdd0e30c4cfdf590ebc608316fb010a94133bf03804ed871666e306891687a8160d6fa1f569656ff8f827a85150578866e2e11a86537b
SSDEEP: 24576:kogBkoMNVdp0+WO5mehvrrc4EnQ0VcP3zy1QN0Qqx:rgeUGtrc3UP21QN0Qqx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 15ef28dd5be5acfa85b133f812ac3e4d.exe
Files
15ef28dd5be5acfa85b133f812ac3e4d.exe.exe windows:4 windows x86 arch:x86
e70fa11baca858daaadcacea1b6a501d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcess
SetConsoleCtrlHandler
LoadLibraryA
GetEnvironmentStringsW
GetModuleFileNameW
VirtualProtect
InterlockedCompareExchange
TerminateProcess
GetModuleFileNameA
CreateProcessW
GetVersionExA
lstrcpynW
CompareStringW
CloseHandle
GetVersion
GetModuleHandleA
HeapReAlloc
GetProcAddress
CreateThread
SetFileTime
ExitProcess
CreateFileA
EnterCriticalSection
GetSystemTimeAsFileTime
GetEnvironmentStrings
RaiseException
lstrcatW
GetFileTime
lstrlenA
HeapAlloc
TlsAlloc
LCMapStringA
lstrcpyA
GetShortPathNameW
VirtualAlloc
GetSystemTime
FindNextFileW
SetLastError
FindFirstFileW
GetWindowsDirectoryA
GetFileAttributesA
GetVolumeInformationW
GetCPInfo
GetStringTypeA
GetCurrentProcessId
CopyFileW
UnmapViewOfFile
TlsSetValue
MultiByteToWideChar
GetLastError
GetStdHandle
HeapDestroy
LoadResource
lstrcmpiW
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetAtomNameW
GetFileAttributesW
GetTickCount
lstrcmpiA
ResetEvent
WideCharToMultiByte
user32
MsgWaitForMultipleObjects
GetKeyboardState
UnregisterClassA
SetActiveWindow
SetFocus
DestroyIcon
GetCursorPos
ValidateRect
SetProcessWindowStation
IntersectRect
GetWindowLongA
GetWindow
GetKeyState
GetWindowThreadProcessId
GetDlgItemTextA
GetWindowTextA
DispatchMessageA
IsIconic
GetWindowDC
SendMessageA
InvalidateRect
GetForegroundWindow
CheckRadioButton
GetClientRect
SetThreadDesktop
TrackPopupMenu
PeekMessageA
DefWindowProcA
LoadMenuW
OpenDesktopA
CheckMenuItem
UpdateWindow
CloseDesktop
msvcrt
_vsnwprintf
malloc
__set_app_type
?terminate@@YAXXZ
fprintf
_initterm
_adjust_fdiv
_wcsnicmp
memmove
shlwapi
wnsprintfW
PathRemoveFileSpecW
PathMatchSpecW
SHDeleteKeyA
PathCombineW
PathFileExistsW
PathFindFileNameW
wvnsprintfW
StrCmpNIW
StrCmpNIA
advapi32
RegCloseKey
CryptHashData
RegEnumKeyExA
CryptCreateHash
AllocateAndInitializeSid
RegQueryValueExA
CryptDestroyHash
RegDeleteValueA
CryptGetHashParam
RegCreateKeyExA
CryptReleaseContext
SetSecurityDescriptorDacl
RegQueryInfoKeyW
CryptAcquireContextW
DuplicateTokenEx
aclui
CreateSecurityPage
Sections
.text Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ