4ea9314793379be4bb48d6a221878706[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4ea9314793379be4bb48d6a221878706.exe
Size

30KB
MD5

4ea9314793379be4bb48d6a221878706
SHA1

84333a52cd0f96006ffab0048342b672cce9a903
SHA256

745c3a735f2898c2b7bba021e2a512e1eeac7900fa6b00a2fa06c4911882cd31
SHA512

b644f07be8b5947965b80b3aae7494d6f3196e99947ad802facaa677e99275d07946f27ca97f5ec39c028f76cb811231921787140cb49c21689c2ae1236e7f59
SSDEEP

768:24zK4TS1UOs1GRWUc0PJPmTEjSE3JEiiB2axfk8QPz9bglegG81:22KRlRWB0PJPmTEjX3JE9BpRrqVgv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ea9314793379be4bb48d6a221878706.exe

Files

4ea9314793379be4bb48d6a221878706.exe
.exe windows:5 windows x86 arch:x86

140a0805e9e26902399c61cfae24e10b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msasn1

ASN1BERDecUTF8String
ASN1_CreateModule
ASN1BERDecUTCTime
ASN1BERDecOctetString
ASN1BEREncU32
ASN1BERDecChar16String
ASN1CEREncUTCTime
ASN1BERDecMultibyteString
ASN1BERDecPeekTag
ASN1BERDecExplicitTag
ASN1_Encode
ASN1BEREoid_free
ASN1BEREncSX
ASN1BEREncBitString
ASN1BEREncExplicitTag
ASN1BEREncCharString
ASN1char32string_free
ASN1CEREncFlushBlkElement
ASN1BEREncMultibyteString
ASN1_CloseModule
ASN1BEREoid2DotVal
ASN1intx_free
ASN1BEREncEoid
ASN1BERDecZeroCharString
ASN1BERDecU32Val
ASN1BEREncOctetString
ASN1open_free
ASN1charstring_free
ASN1BERDecS32Val
ASN1BEREncChar32String
ASN1ztcharstring_free
ASN1Free
ASN1BEREncBool
ASN1DecRealloc
ASN1DecSetError
ASN1_FreeEncoded
ASN1_Decode
ASN1_SetEncoderOption
ASN1_FreeDecoded
ASN1BEREncUTF8String
ASN1BERDecBool
ASN1BERDotVal2Eoid
ASN1_CloseEncoder
ASN1_CreateDecoder
ASN1BERDecEndOfContents
ASN1BEREncEndOfContents
ASN1BERDecBitString2
ASN1CEREncEndBlk
ASN1BERDecGeneralizedTime
ASN1objectidentifier2_cmp
ASN1BEREncObjectIdentifier2
ASN1CEREncNewBlkElement
ASN1_CreateEncoder
ASN1BEREncOpenType
ASN1bitstring_free
ASN1BERDecOpenType
ASN1BERDecNotEndOfContents
ASN1BERDecObjectIdentifier2
ASN1BEREncChar16String
ASN1CEREncGeneralizedTime
ASN1BERDecChar32String
ASN1BEREncS32
ASN1BERDecBitString
ASN1BERDecSXVal
ASN1utf8string_free
ASN1_CloseDecoder
ASN1EncSetError
ASN1BERDecOpenType2
ASN1BERDecCharString
ASN1char16string_free
ASN1CEREncBeginBlk
ASN1BERDecEoid
ASN1BERDecOctetString2
ASN1octetstring_free

kernel32

InitializeCriticalSection
FindNextFileW
WriteFile
FreeLibrary
FindClose
InterlockedDecrement
GetDateFormatW
ExitThread
CompareFileTime
OpenMutexW
QueryPerformanceCounter
GetModuleHandleA
UnmapViewOfFile
ExpandEnvironmentStringsW
CompareStringW
OutputDebugStringA
InterlockedExchange
FindNextChangeNotification
LeaveCriticalSection
lstrcatA
GetACP
ReadFile
GetCurrentThread
GetSystemTime
GetCurrentProcess
VirtualAlloc
GetTimeFormatW
FormatMessageW
CompareStringA
FormatMessageA
UnhandledExceptionFilter
GetFileAttributesA
GetTickCount
DeleteFileA
FileTimeToLocalFileTime
LoadLibraryA
CreateMutexW
lstrcpyA
lstrcmpA
SetFilePointer
LoadLibraryExW
GetSystemTimeAsFileTime
SetFileAttributesA
lstrlenW
OpenEventA
GetSystemDefaultLangID
GetComputerNameA
TlsFree
GetFileAttributesExW
SetUnhandledExceptionFilter
GetTimeFormatA
FreeLibraryAndExitThread
SetFileAttributesW
EnterCriticalSection
LocalFree
FindFirstChangeNotificationW
DelayLoadFailureHook
lstrlenA
GetModuleFileNameA
CreateFileMappingA
GetModuleFileNameW
PulseEvent
CreateEventA
WideCharToMultiByte
CreateFileMappingW
DeleteCriticalSection
FindFirstFileA
ExpandEnvironmentStringsA
LoadLibraryExA
SetEvent
WaitForSingleObject
WaitForMultipleObjectsEx
CreateFileA
GetUserDefaultLCID
GetCurrentThreadId
FindCloseChangeNotification
MultiByteToWideChar
GetVersionExA
GetFileSize
Sleep
SetLastError
OpenFileMappingW
GetDateFormatA
GetTempFileNameA
TlsAlloc
SetEndOfFile
FindFirstChangeNotificationA
CreateDirectoryW
OpenMutexA
GetFileAttributesW
GetComputerNameW
LocalReAlloc
CreateMutexA
CreateDirectoryA
CreateFileW
CreateThread
MapViewOfFile
FindFirstFileW
TerminateProcess
GetProcAddress
GetTempPathA
GetLocalTime
LocalSize
DuplicateHandle
GetCurrentProcessId
FileTimeToSystemTime
GetLastError
InterlockedIncrement
DeleteFileW
SystemTimeToFileTime
FindNextFileA
LocalAlloc
ReleaseMutex
WaitForSingleObjectEx
CloseHandle
TlsGetValue
TlsSetValue
GetEnvironmentVariableA

user32

wsprintfW
LoadStringA
MessageBoxW
LoadStringW
wsprintfA
MessageBoxA
GetProcessDefaultLayout
GetSystemMetrics

rpcrt4

RpcStringBindingComposeW
UuidToStringA
RpcBindingFromStringBindingW
NdrClientCall2
RpcStringBindingComposeA
RpcStringFreeA
RpcBindingFromStringBindingA
RpcEpResolveBinding
RpcStringFreeW
RpcRevertToSelf
UuidCreate
RpcBindingSetAuthInfoExW
RpcImpersonateClient
RpcBindingFree

msvcrt

isdigit
wcscmp
_wcsnicmp
isxdigit
_ultoa
atol
__dllonexit
_ltow
memcpy
free
sprintf
wcschr
malloc
strncpy
_snwprintf
wcslen
_itow
_onexit
memmove
strtoul
_adjust_fdiv
_snprintf
_ltoa
_except_handler3
qsort
wcscat
_wcsicmp
wcscpy
isupper
bsearch
_initterm
strncmp

advapi32

RegEnumKeyA
ChangeServiceConfigA
RegEnumValueA
LsaNtStatusToWinError
OpenProcessToken
RegConnectRegistryW
UnlockServiceDatabase
RegGetKeySecurity
RegSetValueExW
CopySid
MD5Final
AddAccessAllowedAce
RegQueryValueExA
GetAce
IsValidSid
MD5Update
LookupAccountSidW
CryptGetUserKey
RegDeleteValueW
InitializeSecurityDescriptor
FreeSid
RegNotifyChangeKeyValue
RegCloseKey
GetSidIdentifierAuthority
RegSetValueExA
CryptEncrypt
RegQueryInfoKeyA
RegEnumKeyExW
ControlService
SetSecurityDescriptorOwner
CryptSetKeyParam
CryptHashData
MD5Init
RegCreateKeyExA
GetSecurityDescriptorDacl
CryptGetDefaultProviderW
RegEnumValueW
GetUserNameW
GetLengthSid
GetSidSubAuthority
CryptCreateHash
StartServiceA
CryptSetHashParam
RegDeleteKeyW
SetSecurityDescriptorGroup
EqualSid
LockServiceDatabase
SystemFunction041
CryptDeriveKey
CryptGenKey
CryptGetKeyParam
RegEnumKeyExA
GetSecurityDescriptorOwner
CryptSignHashA
GetUserNameA
CryptReleaseContext
GetSidSubAuthorityCount
RegConnectRegistryA
CryptDestroyHash
GetTokenInformation
RegCreateKeyExW
RegOpenKeyExW
SetSecurityDescriptorDacl
SystemFunction040
QueryServiceStatus
OpenSCManagerW
LookupPrivilegeValueA
InitializeAcl
RegOpenKeyExA
A_SHAUpdate
CryptSetProviderA
RegQueryInfoKeyW
RegDeleteKeyA
QueryServiceConfigA
OpenThreadToken
CloseServiceHandle
CryptGetProvParam
CryptDestroyKey
CryptSetProvParam
CryptVerifySignatureA
StartServiceW
CryptGetHashParam
AllocateAndInitializeSid
CryptExportKey
RegSetKeySecurity
CryptGenRandom
CryptDecrypt
OpenServiceW
AdjustTokenPrivileges
RegDeleteValueA
CryptAcquireContextA
CryptImportKey
A_SHAInit
A_SHAFinal
RegQueryValueExW

adsldpc

ADsFreeColumn

Sections

.textbss
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 28KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

140a0805e9e26902399c61cfae24e10b

Headers

DLL Characteristics

File Characteristics

Imports

msasn1

kernel32

user32

rpcrt4

msvcrt

advapi32

adsldpc

Sections

.textbss Size: - Virtual size: 80KB

.text Size: 512B - Virtual size: 412B

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 196B

.idata Size: 28KB - Virtual size: 104KB

.textbss
Size: - Virtual size: 80KB

.text
Size: 512B - Virtual size: 412B

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 196B

.idata
Size: 28KB - Virtual size: 104KB