e3636303c85406b854a592ad31c355a9f560b2c10a0a80bf6fc844b9b1196ca6[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e3636303c85406b854a592ad31c355a9f560b2c10a0a80bf6fc844b9b1196ca6.exe
Size

1.8MB
MD5

e048c32b638aa6cb6fe0327d35989980
SHA1

b72e14081281515556e54a4447abfa2dd136258a
SHA256

e3636303c85406b854a592ad31c355a9f560b2c10a0a80bf6fc844b9b1196ca6
SHA512

c53737f5b21646e0cd928831921954b14e48c74339018cab56e65f6cb896190a310f7cdce4b18ce5864fe0a4f8af1a6e60c2be06c33c455d6a9875787ee2fc8f
SSDEEP

49152:eBhdhEdyqKVOcHonK7xEsitP6REScETkH8:eBhXevQoK7Wsi0KS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e3636303c85406b854a592ad31c355a9f560b2c10a0a80bf6fc844b9b1196ca6.exe

Files

e3636303c85406b854a592ad31c355a9f560b2c10a0a80bf6fc844b9b1196ca6.exe
.exe windows:6 windows x86 arch:x86

78a1829b465adb156d5a454c421c2627

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LocalFree
WTSGetActiveConsoleSessionId
GetCurrentProcessId
GetModuleHandleW
QueryFullProcessImageNameW
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
lstrcmpW
GetCurrentProcess
LocalAlloc
GetCurrentThread
InitializeCriticalSectionEx
RaiseException
DecodePointer
GetVersionExW
GetStdHandle
GetEnvironmentVariableW
GetFileType
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
QueryPerformanceCounter
GetSystemTimeAsFileTime
DeleteFiber
WideCharToMultiByte
ConvertFiberToThread
FreeLibrary
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
LoadLibraryW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
Process32FirstW
Process32NextW
ProcessIdToSessionId
CreateToolhelp32Snapshot
OpenProcess
K32GetProcessImageFileNameW
K32GetModuleFileNameExW
TerminateProcess
CreateTimerQueue
CreateIoCompletionPort
lstrcmpiW
lstrcpyW
CreateThread
lstrcatW
PostQueuedCompletionStatus
ExitThread
GetQueuedCompletionStatus
DeleteTimerQueue
CreateTimerQueueTimer
CancelIo
GetProcessHeap
HeapAlloc
HeapFree
SetCurrentDirectoryW
Sleep
WaitForSingleObject
CreateMutexW
GetLocalTime
GetDriveTypeW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
GetDiskFreeSpaceExW
lstrlenW
FindFirstVolumeW
GetLogicalDrives
GetVolumeInformationW
SetFileAttributesW
GetFileAttributesW
DeleteCriticalSection
ReadFile
GetFileInformationByHandle
CreateFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileSizeEx
CreateDirectoryW
GetTimeZoneInformation
HeapReAlloc
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleOutputCP
GetCommandLineW
GetCommandLineA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetModuleFileNameW
FlushFileBuffers
MoveFileW
SetFilePointerEx
CloseHandle
DeleteFileW
GetLastError
SetEndOfFile
SetConsoleCtrlHandler
ExitProcess
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
WriteFile
HeapSize
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetStringTypeW
GetCurrentDirectoryW
FindFirstFileExW
GetFullPathNameW
TryEnterCriticalSection
CreateEventW
SwitchToThread
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter

user32

GetProcessWindowStation
GetUserObjectInformationW
wvsprintfW
wsprintfW
MessageBoxW

advapi32

CryptGetUserKey
QueryServiceStatusEx
DuplicateTokenEx
EnumServicesStatusW
OpenServiceW
ChangeServiceConfigW
StartServiceW
OpenProcessToken
EnumDependentServicesW
ControlService
OpenSCManagerW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
LookupPrivilegeNameW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegGetValueW
RegDeleteValueW
OpenThreadToken
RegEnumValueW
GetTokenInformation
RevertToSelf
SetThreadToken
CloseServiceHandle
InitiateSystemShutdownExW

shell32

SHCreateItemFromParsingName

ole32

CoTaskMemFree
CoUninitialize
CoInitialize

shlwapi

StrStrIA
PathFindExtensionW
PathRemoveFileSpecW
PathFileExistsW
StrStrIW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertDuplicateCertificateContext

ws2_32

gethostbyname
WSAIoctl
WSASocketW
WSAStartup
socket
WSAAddressToStringW
inet_ntoa
gethostname
getsockopt
inet_ntop
htons
setsockopt
WSAGetLastError
bind
WSACleanup
recv
send
WSASetLastError
closesocket
shutdown

iphlpapi

GetIpNetTable

netapi32

NetApiBufferFree
NetShareEnum

mpr

WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78a1829b465adb156d5a454c421c2627

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

crypt32

ws2_32

iphlpapi

netapi32

mpr

bcrypt

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 426KB - Virtual size: 425KB

.data Size: 13KB - Virtual size: 30KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 59KB - Virtual size: 58KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 426KB - Virtual size: 425KB

.data
Size: 13KB - Virtual size: 30KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 59KB - Virtual size: 58KB