1ccd642776b2194bab6ecadc529ef210N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1ccd642776b2194bab6ecadc529ef210N.exe
Size

1.2MB
MD5

1ccd642776b2194bab6ecadc529ef210
SHA1

aae4440e7e981f56eba0d1ab89adaa7519a1cad7
SHA256

62c687f799b53c4e1570bd7c6829aae20cf36a5f863c1f2b3ea7be9a48ebf484
SHA512

930e50c7a7b282bcfe1203fbd24dd1e9c7925bcab53c622f2710a7fe0d5b42af3441282a36b194d400b40fc0f603d7fd259208c3a3fec0fd2cb374019e7921bd
SSDEEP

24576:CGne32ZEIOLMCldIgbDsqjnhMgeiCl7G0nehbGZpbD:8GZizdIgbHDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ccd642776b2194bab6ecadc529ef210N.exe

Files

1ccd642776b2194bab6ecadc529ef210N.exe
.exe windows:6 windows x64 arch:x64

fc5175d5fb7babac96aa09ff83a51a07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ehRecvr.pdb

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegDeleteKeyW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
CreateServiceW
ChangeServiceConfig2W
ControlService
DeleteService
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AddAccessAllowedAce
AddAce
GetAce
GetAclInformation
InitializeAcl
GetLengthSid
IsValidSid
LookupAccountNameW
CreateWellKnownSid
RegGetValueW
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
RegEnumValueW
RegEnumKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
SetSecurityDescriptorGroup
GetTokenInformation
CopySid
LookupAccountSidW
SetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorDacl
OpenProcessToken

kernel32

LoadLibraryW
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
GetProcAddress
InitializeCriticalSection
SetEvent
Sleep
GetProfileIntW
SetPriorityClass
GetCurrentProcess
CreateEventW
ResetEvent
HeapSetInformation
GetCommandLineW
GetTempPathW
OutputDebugStringA
MoveFileExW
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetTickCount64
GetCurrentThreadId
QueueUserAPC
GetCurrentThread
SleepEx
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
DuplicateHandle
CreateThread
CreateWaitableTimerW
CancelWaitableTimer
CreateDirectoryW
SetWaitableTimer
WaitForSingleObject
GetExitCodeThread
K32GetModuleBaseNameW
GetCurrentProcessId
HeapReAlloc
OutputDebugStringW
WaitForMultipleObjects
ExitThread
GetFileAttributesW
SetFileAttributesW
OpenThread
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
WaitForMultipleObjectsEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetThreadExecutionState
GetLocalTime
lstrlenA
GetLastError
lstrlenW
FreeLibrary
RaiseException
DeleteCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
CloseHandle
GetVersionExA
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
EncodeSystemPointer
DecodeSystemPointer

user32

TranslateMessage
PostThreadMessageW
SetTimer
KillTimer
UnregisterDeviceNotification
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
RegisterDeviceNotificationW
CharNextW
LoadStringW
UnregisterClassA

msvcrt

_resetstkoflw
_purecall
_onexit
_wfopen
_wcsnicmp
_ui64tow
wcscat_s
memcpy_s
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
calloc
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
__CxxFrameHandler3
_callnewh
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
__C_specific_handler
memset
_localtime64
wcsftime
_time64
wcscspn
_wcsicmp
realloc
_errno
??1type_info@@UEAA@XZ
memcpy
fputws
_amsg_exit
fflush
wcstok_s
??0exception@@QEAA@XZ
memmove_s
free
malloc
wcsncpy_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
wcsstr
_itow_s
wcsncmp
swprintf_s
_vsnwprintf
wcschr
fclose
iswalpha
wcscpy_s
floor

ole32

CoTaskMemFree
CoRevertToSelf
CoImpersonateClient
CoFreeUnusedLibrariesEx
CLSIDFromString
CoWaitForMultipleHandles
StringFromCLSID
CoCreateGuid
CoDisconnectObject
CoInitialize
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitializeEx
CoSuspendClassObjects
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity

oleaut32

SysAllocStringByteLen
VarUI4FromStr
SysStringLen
SysAllocString
VariantInit
VariantClear
SysAllocStringLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayCreate
DispCallFunc
SafeArrayRedim
VarBstrCat
SysFreeString
SysStringByteLen
VarBstrCmp
SafeArrayDestroy

shlwapi

PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

ehtrace

ehTraceEvent
ehRegisterTraceGUIDs
ehFreeEventBuffer
ehUnregisterTraceGUIDs
ehAllocateEventBuffer

shell32

SHGetKnownFolderPath
SHCreateDirectoryExW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

slc

SLGetWindowsInformationDWORD

Exports

Exports

CETWProvider_Initialize
CETWProvider_TraceCriticalCall
CETWProvider_TraceEHomeEvent
CETWProvider_TraceErrorEvent
CETWProvider_TraceErrorLevel
CETWProvider_TraceEventID
CETWProvider_TraceInfo
CETWProvider_TracePerfMarkerEnd
CETWProvider_TracePerfMarkerStart
CETWProvider_TraceTextLevel
CETWProvider_TraceVideoSize
CETWProvider_Uninitialize

Sections

.text
Size: 326KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fc5175d5fb7babac96aa09ff83a51a07

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

shlwapi

version

ehtrace

shell32

ntdll

slc

Exports

Exports

Sections

.text Size: 326KB - Virtual size: 325KB

.rdata Size: 323KB - Virtual size: 322KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 19KB - Virtual size: 18KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 326KB - Virtual size: 325KB

.rdata
Size: 323KB - Virtual size: 322KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 568KB - Virtual size: 572KB