262ce7f42fbea88af7d2f0a26ddf5f20N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

262ce7f42fbea88af7d2f0a26ddf5f20N.exe
Size

172KB
MD5

262ce7f42fbea88af7d2f0a26ddf5f20
SHA1

7ed1362a9dccccd17a46c4c0c5274875b2084faa
SHA256

a9f1e2db92e43b30828012477e51d8717c0132d36641b207a879573bfad4490c
SHA512

c80bd24137cd24e881796882c0d0263df83fe4fc4711bd1674481361bd80e908f07d4fcbf6f357aa3fb181c7ab7621e038bbf8ed871e119d9d5ab447834a63ba
SSDEEP

3072:AMZGiOiOEtScGOKQQ62LJTis2VAa/Kx3dqalYh:LFYaqi0aaNqaCh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
262ce7f42fbea88af7d2f0a26ddf5f20N.exe

Files

262ce7f42fbea88af7d2f0a26ddf5f20N.exe
.exe windows:6 windows x86 arch:x86

f30a12e2d62e7744a8fa88ece4714d0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Devel\n-Track_EX\VSTSCAN\Release\vstscan.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
GetFileSizeEx
ReadFile
SetFilePointerEx
OutputDebugStringA
CloseHandle
GetSystemTime
GetDateFormatA
GetTimeFormatA
GetVersionExA
GetCurrentProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
WriteFile
FoldStringW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
TerminateProcess

user32

CharLowerA
CharUpperA
CharLowerW
CharUpperW

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

OleInitialize
CoCreateInstance
CoCreateGuid

msvcp140

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

vcruntime140

memset
__std_type_info_destroy_list
_except_handler4_common
memcpy
strstr
_CxxThrowException
__current_exception_context
memchr
__current_exception
__std_terminate
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
_purecall
wcsrchr
strrchr
memmove

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
realloc
malloc

api-ms-win-crt-string-l1-1-0

isalpha
strncmp
_wcsnicmp
_strnicmp
_wcsicmp
strncpy
toupper
isalnum
isspace
isdigit
_stricmp
iswalnum
iswalpha
iswdigit
iswspace

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
ungetc
setvbuf
_fseeki64
fsetpos
__stdio_common_vsprintf
fgetpos
fgetc
_set_fmode
fflush
_get_stream_buffer_pointers
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsscanf
__stdio_common_vswscanf
__p__commode
fwrite
ftell
fseek
fread
fopen
__stdio_common_vsprintf_s
fclose
fputc

api-ms-win-crt-runtime-l1-1-0

_c_exit
_fpreset
_register_thread_local_exe_atexit_callback
__p___argc
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
_set_app_type
_seh_filter_exe
_controlfp_s
_cexit
__p___argv
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f30a12e2d62e7744a8fa88ece4714d0c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 121KB - Virtual size: 120KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 248B

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 248B