32bf1f70d92613ae7fbd6cae2b145a20N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

32bf1f70d92613ae7fbd6cae2b145a20N.exe
Size

67KB
MD5

32bf1f70d92613ae7fbd6cae2b145a20
SHA1

6ec4fd58b9bc6f69f58efba42c1aa68a5e25d122
SHA256

411238f54d3ab90746f0a325dd27e69408399cd29c18c1ab5dcdec33139fe34a
SHA512

f3e57c806ecfdc3b06b3bfa25fa90bb1737a2ae1461ab17499e2d39b8044a074862033884f973cdde8bce9d1bde095b54cfb58300efc3b631085773b50e0db00
SSDEEP

1536:JbpeLe06eX3gZELNyT1QgFaURLa6KgqZx21:JbpeLepeX3ge5yT1QgFDA6KgqZu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32bf1f70d92613ae7fbd6cae2b145a20N.exe

Files

32bf1f70d92613ae7fbd6cae2b145a20N.exe
.sys windows:6 windows x86 arch:x86

46ae9c0afff5cb23be4fbab8cdc42f2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

p:\src\3\360qpesv\objfre_win7_x86\i386\360qpesv.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
ExGetPreviousMode
IofCallDriver
ObfDereferenceObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
SeReleaseSubjectContext
SeTokenIsAdmin
SeCaptureSubjectContext
PsGetCurrentProcessId
ExAllocatePoolWithTag
ExFreePoolWithTag
IoCreateSymbolicLink
IoCreateDevice
RtlGetVersion
memset
memcpy
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
ZwClose
ZwQueryInformationFile
ZwOpenFile
ZwReadFile
wcsstr
towlower
strstr
tolower
IoDeleteSymbolicLink
ZwQuerySystemInformation
RtlImageDirectoryEntryToData
MmIsAddressValid
MmGetSystemRoutineAddress
ObReferenceObjectByName
IoDriverObjectType
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
IoUnregisterShutdownNotification
IoEnumerateDeviceObjectList
ZwMapViewOfSection
ZwCreateSection
IoCreateFile
ZwUnmapViewOfSection
ZwQueryValueKey
ExAllocatePool
ZwQueryKey
RtlCompareMemory
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
strrchr
RtlFreeUnicodeString
NtClose
RtlCopyUnicodeString
_vsnwprintf
ZwFlushKey
_wcsnicmp
strncmp
KeSetEvent
KeWaitForSingleObject
KeTickCount
KeBugCheckEx
RtlUnwind
IoDeleteDevice
IofCompleteRequest
ObReferenceObjectByHandle
ObOpenObjectByName
ProbeForRead
MmUserProbeAddress
ZwDuplicateObject
ZwOpenProcess
ZwOpenKey
ExAllocatePoolWithQuotaTag
ProbeForWrite
SeDeleteObjectAuditAlarm
RtlCompareUnicodeString
ObQueryNameString
_stricmp

hal

KeReleaseQueuedSpinLock
KeAcquireQueuedSpinLock

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46ae9c0afff5cb23be4fbab8cdc42f2c

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 5KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 5KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 3KB - Virtual size: 3KB