Static task
static1
Behavioral task
behavioral1
Sample
FBBD4982E64C626523812A303142F931.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
FBBD4982E64C626523812A303142F931.exe
Resource
win10v2004-20240419-en
General
-
Target
FBBD4982E64C626523812A303142F931.exe
-
Size
2.5MB
-
MD5
fbbd4982e64c626523812a303142f931
-
SHA1
02a8ca25683c6bb8208023552c1ea351cbdc536c
-
SHA256
0d7652a249719f100427e9a2ebe16a703def870602183fc73b0fe33d623404f8
-
SHA512
81fced6cab4de2838ed8c9d2515c7ed9298c95de8abb2436f1d7fe56fedc8fa220fdd726507dc9fc54a4d735e0fc77e9ab3f4fdd3c1d0a075a70421f217bd131
-
SSDEEP
24576:gbzLCxGB+9p53eCDKNiSptPt5yByS9NM2zMApFgsFuwlS2Jt1O3PYkoUvgTCEfJg:+mveC0tj8Sid9Zs7ch2d
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE lacks an Authenticode signature; this sample matched, i.e. it is unsigned.
resource FBBD4982E64C626523812A303142F931.exe
Files
-
FBBD4982E64C626523812A303142F931.exe.exe windows:4 windows x86 arch:x86
920d92eab9ca6793438ad70c3adb962f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
SystemFunction036
gdi32
ChoosePixelFormat
CreateBitmap
CreateDCW
CreateDIBSection
CreateRectRgn
DeleteDC
DeleteObject
DescribePixelFormat
GetDIBits
GetDeviceCaps
GetDeviceGammaRamp
GetObjectW
SetDeviceGammaRamp
SetPixelFormat
SwapBuffers
kernel32
AddVectoredExceptionHandler
AreFileApisANSI
BeginUpdateResourceW
CloseHandle
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateMutexW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EndUpdateResourceW
EnterCriticalSection
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageW
FreeLibrary
FreeLibraryAndExitThread
GetConsoleTitleA
GetConsoleTitleW
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoA
GetStartupInfoW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount64
GetTickCount
GetVersion
GetVersionExW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalMemoryStatusEx
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalFree
LockResource
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleTitleA
SetConsoleTitleW
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetProcessAffinityMask
SetThreadAffinityMask
SetThreadContext
SetThreadExecutionState
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnmapViewOfFile
UpdateResourceW
VerSetConditionMask
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
lstrlenW
msacm32
acmStreamClose
acmStreamConvert
acmStreamOpen
acmStreamPrepareHeader
acmStreamSize
acmStreamUnprepareHeader
msvcrt
_CIacos
_CIexp
_CIpow
__getmainargs
__initenv
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_adjust_fdiv
_amsg_exit
_beginthreadex
_cexit
_close
_dup
_dup2
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fstat64
_get_osfhandle
_initterm
_iob
_lock
_lrotr
_lseeki64
_onexit
_pipe
_setjmp3
_read
_strdup
_strdup
_stricmp
_stricmp
_strnicmp
_ultoa
_unlock
_vsnprintf
_waccess
_wcsdup
_wcslwr
_wfopen
_wmkdir
_wopen
_wremove
_wrename
_wrmdir
_write
abort
acos
atof
atoi
calloc
ceil
exit
fclose
fflush
fgetpos
floor
fopen
fprintf
fputc
fputs
fputwc
fread
free
fwprintf
fseek
fsetpos
ftell
fwrite
getc
gmtime
getwc
islower
isspace
isupper
iswctype
isxdigit
ldexp
localeconv
localtime
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
qsort
realloc
setlocale
setvbuf
signal
sprintf
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
strxfrm
tan
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcschr
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsncmp
wcsrchr
wcsstr
wcsxfrm
ole32
CLSIDFromString
CoCreateInstance
CoInitialize
CoInitializeEx
CoTaskMemFree
CoUninitialize
PropVariantClear
api-ms-win-core-path-l1-1-0
PathCchRemoveFileSpec
PathCchStripToRoot
shell32
DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint
SHBrowseForFolderW
SHCreateDirectory
SHGetFolderPathW
SHGetKnownFolderPath
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
shlwapi
PathFileExistsW
PathRemoveFileSpecA
user32
AdjustWindowRectEx
BringWindowToTop
ChangeDisplaySettingsExW
CharToOemW
ClientToScreen
ClipCursor
CloseClipboard
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsExW
EnumDisplaySettingsW
ExitWindowsEx
FindWindowA
FlashWindow
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassLongW
GetClientRect
GetClipboardData
GetClipboardOwner
GetClipboardViewer
GetCursorPos
GetDC
GetDesktopWindow
GetFocus
GetIconInfo
GetInputState
GetKeyState
GetLayeredWindowAttributes
GetMessagePos
GetMessageTime
GetMonitorInfoW
GetOpenClipboardWindow
GetProcessWindowStation
GetPropW
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetWindowLongW
GetWindowRect
IsIconic
IsWindowVisible
IsZoomed
LoadCursorW
LoadIconW
LoadImageW
MapVirtualKeyW
MessageBoxW
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
OemToCharW
OpenClipboard
PeekMessageW
PostMessageW
PtInRect
RedrawWindow
RegisterClassExW
RegisterDeviceNotificationW
RegisterRawInputDevices
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetPropW
SetRect
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
ToUnicode
TrackMouseEvent
TranslateMessage
UnregisterClassW
UnregisterDeviceNotification
WaitMessage
WindowFromPoint
winmm
mixerClose
mixerGetControlDetailsA
mixerGetDevCapsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerGetLineInfoW
mixerGetNumDevs
mixerOpen
mixerSetControlDetails
timeBeginPeriod
timeEndPeriod
timeGetTime
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 145KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 370KB - Virtual size: 369KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.eh_fram Size: 348KB - Virtual size: 347KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 240KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 138KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ