1401d3610d242c3b672b74cffc68ee50N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1401d3610d242c3b672b74cffc68ee50N.exe
Size

80KB
MD5

1401d3610d242c3b672b74cffc68ee50
SHA1

27ba0a2697720779d0a10a0950f5cb803c61c7e2
SHA256

907a9fd3b9154a5f0a16be22cc5f527ba834796f0f3e4036a016bf43c3245970
SHA512

c9bc1768781f22fbe5f3530488d77734a788808535a96d828ca7c24df66ccb3fd0ccfdd3fbfa856b283cef666dec81d722805b4f89ff87e95d925ec948fab1b0
SSDEEP

768:PwZduHVlsipeDwQTGJuMQaM2Aqe/kh/HOnxTrU/jOK8FP5DNO9UhoDuKlpbK87sg:5Qwe847byNuxTrUaK89AWYnlpbmg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1401d3610d242c3b672b74cffc68ee50N.exe

Files

1401d3610d242c3b672b74cffc68ee50N.exe
.dll windows:4 windows x86 arch:x86

a24276986c04982623aad7ff9f9548fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
InterlockedDecrement
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
LoadLibraryW
CloseHandle
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetProcAddress
FreeLibrary
GetLastError
MultiByteToWideChar
lstrlenA
LocalFree
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetVersion
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA

user32

wsprintfW

advapi32

RegCloseKey
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW

ole32

CLSIDFromProgID
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
VariantInit
SysStringLen
SysAllocStringByteLen
SysAllocString
SysFreeString

fcresc

LoadFCString

Exports

Exports

EnableFortiVSAPI
RegFortiVSAPI
VirusScanAndClean2
VirusScanInit2
VirusScanTerm2

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a24276986c04982623aad7ff9f9548fb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

fcresc

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB