PROFORMA INVOICE - - CNWES073 (25-6-24)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PROFORMA INVOICE - - CNWES073 (25-6-24).exe
Size

1.9MB
MD5

83a4038d2f875d6e6ef8648d6a9e22b6
SHA1

56452775610aa2c727ab00b1dfa57d7ef3c7b62c
SHA256

049acac7133fea86393fc7ee9d20f84d680b71243126c9c63465c8b13cf6d547
SHA512

42975c4edee1c7fe26e6306aee2de803ff92ff3bd0df4868e59699a8ae72e6c7f354526ee6240cc9c49424e7cb9becc946a547ecab482faa476048dca7a51c5e
SSDEEP

49152:zOD+bTI6YTDml4HJPHDQkOBU0f9iygcrxZ3aU5Z5IrRo2ht171vvkXziEIw03s:qv85yEz03

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PROFORMA INVOICE - - CNWES073 (25-6-24).exe

Files

PROFORMA INVOICE - - CNWES073 (25-6-24).exe
.exe windows:6 windows x64 arch:x64

8f2ed59ffaf0389477f5411c8b4c37fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Imports

advapi32

AdjustTokenPrivileges
CreateWellKnownSid
DeregisterEventSource
DuplicateTokenEx
GetSecurityDescriptorLength
GetTokenInformation
GetWindowsAccountDomainSid
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteTreeW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegisterEventSourceW
ReportEventW
RevertToSelf
SetThreadToken

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptDestroyKey
BCryptGenRandom

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
AllocConsole
CancelThreadpoolIo
CloseHandle
CloseThreadpoolIo
CopyFileExW
CreateDirectoryW
CreateEventExW
CreateFileW
CreateProcessA
CreateSymbolicLinkW
CreateThreadpoolIo
DeleteCriticalSection
DeleteFileW
DeleteVolumeMountPointW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FormatMessageW
FreeConsole
FreeLibrary
GetCPInfo
GetConsoleOutputCP
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumberEx
GetCurrentThread
GetDynamicTimeZoneInformation
GetEnvironmentVariableW
GetFileAttributesExW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetOverlappedResult
GetProcAddress
GetStdHandle
GetSystemTime
GetThreadPriority
GetTickCount64
GetTimeZoneInformation
GetVolumeInformationW
InitializeConditionVariable
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
LocalFree
MoveFileExW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseFailFastException
ReadFile
RemoveDirectoryW
ReplaceFileW
ResetEvent
ResumeThread
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetLastError
SetThreadErrorMode
SetThreadPriority
Sleep
SleepConditionVariableCS
StartThreadpoolIo
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
VirtualAlloc
VirtualFree
WaitForMultipleObjectsEx
WakeConditionVariable
WideCharToMultiByte
WriteFile
FlushProcessWriteBuffers
WaitForSingleObjectEx
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
VerSetConditionMask
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
CreateThread
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
VerifyVersionInfoW
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
GetSystemTimeAsFileTime
InitializeCriticalSectionEx
DebugBreak
WaitForSingleObject
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry

ole32

CoWaitForMultipleHandles
CoGetApartmentType
CoCreateGuid
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-crt-math-l1-1-0

__setusermatherr
modf
ceil

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_set_new_mode
calloc
malloc

api-ms-win-crt-string-l1-1-0

strcmp
wcsncmp
_stricmp
strcpy_s

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

abort
_c_exit
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_register_thread_local_exe_atexit_callback
_initterm_e
exit
_exit
_initterm
__p___argc
__p___wargv
_cexit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 405KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 711KB - Virtual size: 711KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hydrated
Size: - Virtual size: 252KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 446KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f2ed59ffaf0389477f5411c8b4c37fd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

bcrypt

kernel32

ole32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 405KB - Virtual size: 405KB

.managed Size: 711KB - Virtual size: 711KB

hydrated Size: - Virtual size: 252KB

.rdata Size: 446KB - Virtual size: 446KB

.data Size: 6KB - Virtual size: 53KB

.pdata Size: 66KB - Virtual size: 65KB

.rsrc Size: 269KB - Virtual size: 268KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 405KB - Virtual size: 405KB

.managed
Size: 711KB - Virtual size: 711KB

hydrated
Size: - Virtual size: 252KB

.rdata
Size: 446KB - Virtual size: 446KB

.data
Size: 6KB - Virtual size: 53KB

.pdata
Size: 66KB - Virtual size: 65KB

.rsrc
Size: 269KB - Virtual size: 268KB

.reloc
Size: 1KB - Virtual size: 1KB