d:\work\N2F\N2F\output\win32\unlimited\Ntfs2Fat32.pdb
Static task
static1
Behavioral task
behavioral1
Sample
876c8aa63319b8c0ee3c9ee036955c2efd77084ce43bcd92393b19fcefa03ea6.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
876c8aa63319b8c0ee3c9ee036955c2efd77084ce43bcd92393b19fcefa03ea6.exe
Resource
win10v2004-20240508-en
General
-
Target
876c8aa63319b8c0ee3c9ee036955c2efd77084ce43bcd92393b19fcefa03ea6
-
Size
1.0MB
-
MD5
b1b8f20a1789d5b3f3251114b3c533e0
-
SHA1
b32da0e8d29178d74037e6100bdc8cc788ef477f
-
SHA256
876c8aa63319b8c0ee3c9ee036955c2efd77084ce43bcd92393b19fcefa03ea6
-
SHA512
4c11ef1ecbdf19ffb9ea94612ac51c0e0d8df709dada93c69010a90d3012316de9160e1aa29e449cda7263092de0d608d16fb8d8f8c65e7df897499c75a76c66
-
SSDEEP
12288:upLSYECE0ezC3CE3eZz7b7tiYaZ9gCyWJSA6L85gSGT+hlTr:ELJECVzYaZ9pyWJSQxN
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 876c8aa63319b8c0ee3c9ee036955c2efd77084ce43bcd92393b19fcefa03ea6
Files
-
876c8aa63319b8c0ee3c9ee036955c2efd77084ce43bcd92393b19fcefa03ea6.exe windows:4 windows x86 arch:x86
6ed6339d0603e5720a7d3ccc48741e45
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntdll
ZwQueryVolumeInformationFile
_allmul
_wcslwr
RtlInitUnicodeString
NtUnloadDriver
_chkstk
memset
wcschr
sprintf
memcpy
ZwCreateFile
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwQueryDirectoryObject
ZwOpenDirectoryObject
vsprintf
NtLoadDriver
_strupr
_alldiv
wcstoul
wcsstr
wcsncpy
_strnicmp
atoi
strncpy
_wcsnicmp
_wtoi
wcstombs
wcsrchr
strstr
mbstowcs
strrchr
_wcsicmp
rpcrt4
UuidCreate
mfc80u
ord3995
ord2366
ord3155
ord2648
ord1894
ord762
ord3174
ord5715
ord5917
ord1270
ord5397
ord5410
ord5584
ord5519
ord5643
ord5723
ord6033
ord5884
ord6053
ord5633
ord4155
ord3298
ord730
ord2461
ord266
ord265
ord6700
ord282
ord1479
ord899
ord896
ord3189
ord620
ord4098
ord3756
ord5829
ord2159
ord2651
ord2155
ord3755
ord326
ord3198
ord3968
ord4854
ord4857
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord4770
ord4581
ord4172
ord4165
ord4974
ord4383
ord4775
ord4198
ord4784
ord410
ord4437
ord648
ord4438
ord3734
ord4908
ord4513
ord4514
ord4914
ord4553
ord5043
ord4433
ord4362
ord4495
ord4840
ord4964
ord4019
ord4523
ord4474
ord4965
ord4510
ord4667
ord4267
ord4942
ord2711
ord4788
ord1553
ord4281
ord5637
ord4370
ord1351
ord4371
ord3338
ord4957
ord2414
ord4790
ord4704
ord4358
ord2413
ord4799
ord5047
ord4958
ord2415
ord4643
ord4940
ord4501
ord2412
ord4955
ord4668
ord4125
ord2411
ord1293
ord1999
ord4126
ord5202
ord1610
ord5910
ord6763
ord3471
ord3644
ord6115
ord5609
ord4347
ord3824
ord4032
ord1049
ord1096
ord5971
ord2239
ord4535
ord3677
ord3327
ord4475
ord2832
ord566
ord5562
ord757
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord2460
ord5398
ord2365
ord3176
ord998
ord2264
ord444
ord677
ord6061
ord4112
ord3395
ord774
ord4230
ord1549
ord1628
ord2081
ord3467
ord642
ord502
ord4882
ord3331
ord1156
ord5981
ord5982
ord5618
ord4119
ord1416
ord563
ord1939
ord753
ord530
ord722
ord557
ord745
ord6001
ord6002
ord1472
ord1198
ord5711
ord1006
ord3990
ord4101
ord2713
ord4100
ord894
ord2260
ord2121
ord5485
ord772
ord860
ord4117
ord602
ord347
ord3281
ord4109
ord5638
ord3678
ord2255
ord2521
ord6058
ord5607
ord6056
ord2362
ord5604
ord5636
ord6050
ord280
ord709
ord501
ord3158
ord3873
ord4226
ord1536
ord2077
ord651
ord2364
ord416
ord658
ord1176
ord1079
ord1058
ord3224
ord6749
ord2952
ord4232
ord2083
ord6086
ord6751
ord587
ord1555
ord2379
ord760
ord2381
ord2399
ord1925
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord5178
ord1955
ord3311
ord4206
ord1647
ord4729
ord1646
ord4884
ord1590
ord2011
ord5196
ord4255
ord1662
ord2531
ord2985
ord1661
ord2725
ord5210
ord715
ord1542
ord2829
ord4234
ord4301
ord1393
ord2708
ord5911
ord6720
ord2856
ord1118
ord6721
ord5908
ord2534
ord1582
ord1611
ord2640
ord2086
ord1608
ord2527
ord3940
ord3712
ord577
ord1392
ord3713
ord4238
ord3703
ord5148
ord2638
ord283
ord293
ord1899
ord3943
ord5067
ord4480
ord4574
ord6271
ord4256
ord5199
ord4179
ord4536
ord3286
ord5727
ord4314
ord1572
ord1634
ord3397
ord4716
ord605
ord4276
ord354
ord1591
ord5956
ord5231
ord5229
ord3635
ord3435
ord920
ord925
ord929
ord3157
ord927
ord931
ord1785
ord2384
ord2404
ord6063
ord2388
ord2394
ord2392
ord1271
ord2390
ord2407
ord2311
ord2402
ord741
ord3204
ord2386
ord2409
ord776
ord2397
ord572
ord764
ord5162
ord5710
msvcr80
_unlock
?terminate@@YAXXZ
__set_app_type
__dllonexit
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_vscprintf
_vscwprintf
vsprintf_s
rand
srand
vswprintf_s
malloc
_vsnwprintf
wcscat_s
_itow
_vsnprintf
strncmp
wcsncmp
_CxxThrowException
wcsncpy_s
_vswprintf
__CxxFrameHandler3
_purecall
wcscpy_s
sprintf_s
free
calloc
memcpy_s
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
memmove_s
_invalid_parameter_noinfo
_swprintf
_beginthreadex
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_encode_pointer
kernel32
GetFileAttributesA
GetExitCodeThread
LocalFree
CreateMutexW
GetPrivateProfileIntA
OpenMutexW
GetPrivateProfileStringA
GetModuleFileNameA
GetCurrentThread
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
ReleaseMutex
SetFilePointer
GetLogicalDrives
LockResource
GetVolumeInformationW
GetDriveTypeW
SetVolumeLabelW
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
DeviceIoControl
CreateFileW
GetFileAttributesW
FindResourceW
GetVersionExW
WriteFile
ReadFile
SetHandleInformation
CreatePipe
CloseHandle
TerminateProcess
WideCharToMultiByte
CreateProcessW
GetExitCodeProcess
Sleep
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
FindFirstFileW
GetTickCount
WaitForSingleObject
TerminateThread
FindClose
FindNextFileW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
lstrcpyW
WinExec
lstrlenW
FreeLibrary
FlushFileBuffers
SetVolumeMountPointW
DeleteVolumeMountPointW
GetVolumeNameForVolumeMountPointW
GlobalMemoryStatusEx
GetLocalTime
CreateFileA
CreateDirectoryA
OutputDebugStringA
UnmapViewOfFile
SetEvent
MapViewOfFile
OpenEventW
OpenFileMappingW
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringW
DeleteFileW
WritePrivateProfileStringW
GetPrivateProfileIntW
CreateDirectoryW
GetComputerNameW
RemoveDirectoryW
IsBadWritePtr
CopyFileW
IsBadReadPtr
SetFilePointerEx
GetFileSizeEx
GetSystemTime
SetFileAttributesW
FindResourceExW
lstrlenA
GetFileSize
InterlockedExchange
InterlockedCompareExchange
SizeofResource
GetModuleFileNameW
LoadResource
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetDiskFreeSpaceExW
QueryPerformanceCounter
GetStartupInfoW
user32
TabbedTextOutW
GetClientRect
DrawIconEx
DrawStateW
SetRect
PostMessageW
EnableWindow
UnregisterClassA
FillRect
DrawTextW
GetParent
DrawTextExW
GrayStringW
InvalidateRect
GetWindowTextW
InflateRect
GetSystemMetrics
SendMessageW
LoadIconW
wsprintfW
IsWindow
DestroyCursor
IsWindowVisible
CopyIcon
SetCursor
RedrawWindow
GetCursorPos
SetWindowLongW
GetFocus
PtInRect
LoadCursorW
GetSysColor
UpdateWindow
GetDC
ExitWindowsEx
ReleaseDC
DrawIcon
IsIconic
AppendMenuW
GetSystemMenu
GetWindowRect
KillTimer
SetTimer
LoadBitmapW
MessageBeep
gdi32
GetCurrentObject
DeleteDC
SetTextJustification
LineTo
MoveToEx
SetBkColor
SetBkMode
SetTextColor
DeleteObject
CreateFontIndirectW
GetDeviceCaps
CreateFontW
Rectangle
GetObjectW
GetStockObject
CreatePen
CreateCompatibleBitmap
LPtoDP
RoundRect
CreateCompatibleDC
Escape
SelectObject
ExtTextOutW
TextOutW
GetTextExtentPoint32W
BitBlt
RectVisible
GetBkColor
PtVisible
DPtoLP
CreateSolidBrush
GetTextMetricsW
advapi32
ConvertStringSidToSidW
SetNamedSecurityInfoW
RegOpenKeyA
RegQueryValueExA
RegOpenKeyW
RegQueryValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
EqualSid
GetTokenInformation
FreeSid
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
RegOpenKeyExW
RegQueryValueExW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegQueryInfoKeyW
RegSetKeySecurity
RegEnumKeyExW
RegDeleteValueW
RegFlushKey
RegUnLoadKeyW
RegEnumValueW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegGetKeySecurity
RegLoadKeyW
SetEntriesInAclW
DecryptFileW
RegCloseKey
RegQueryMultipleValuesA
RegOpenKeyExA
BuildExplicitAccessWithNameW
shell32
SHGetFolderPathW
ShellExecuteW
comctl32
_TrackMouseEvent
InitCommonControlsEx
shlwapi
PathFileExistsW
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IPB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
winhttp
WinHttpSetOption
WinHttpCloseHandle
WinHttpWriteData
WinHttpConnect
WinHttpSendRequest
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpOpen
Exports
GetObjGAHelp
GetObjGATrackingData
GetObjGoogleAnalytics
Sections
.text Size: 384KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 16KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 556KB - Virtual size: 556KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE