1725960b297c0f63e22116b59ef82318[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1725960b297c0f63e22116b59ef82318.exe
Size

2.0MB
MD5

1725960b297c0f63e22116b59ef82318
SHA1

e396260d65d63a5301f0d27880c0c2975d86ef57
SHA256

6ed72781933541771e93ebdc6aea9871416217713697b71dc3c0efa25b963931
SHA512

543691eb4f0fddf55e8d71a01c9228a5402df4a0f4290a889e8f96695c6263a4fb6ee4023b1fc8a24dbe1a2322a6aabb31cf925797731a8f16093a61fe83c5e2
SSDEEP

49152:R4ksnJqb9zj/ytT0AuPFRlPTKP/hgryw:R4roxz2tYAuPxbgh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1725960b297c0f63e22116b59ef82318.exe

Files

1725960b297c0f63e22116b59ef82318.exe
.exe windows:6 windows x86 arch:x86

fcf05964f585bd4c971e654ece5696f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WORK\BSD2\dropper\Release\DROPPER2.pdb

Imports

kernel32

Sleep
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoA
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
GetModuleHandleW
SwitchToFiber
DeleteFiber
CreateFiber
GetCurrentProcessId
GlobalMemoryStatus
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
SystemTimeToFileTime
FindFirstFileW
LoadLibraryW
LoadLibraryA
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
GetTickCount
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
GetProcAddress
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
FormatMessageW
SetLastError
GetCurrentThreadId
FindClose
FindNextFileA
GetDriveTypeA
FindFirstFileA
SignalObjectAndWait
SetEvent
CreateTimerQueue
DecodePointer
WriteConsoleW
HeapSize
GetTimeZoneInformation
DeleteFileW
GetStringTypeW
VirtualAlloc
QueryPerformanceCounter
GetProcessHeap
SetEnvironmentVariableW
GetLogicalDrives
CloseHandle
WriteFile
GetLastError
WideCharToMultiByte
UnregisterWaitEx
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
SetStdHandle
GetFileAttributesExW
FlushFileBuffers
GetFileSizeEx
HeapReAlloc
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetConsoleCP
GetModuleFileNameW
ExitProcess
SetConsoleCtrlHandler
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
LoadLibraryExW
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
TryEnterCriticalSection
DuplicateHandle
SwitchToThread
GetCurrentThread
InitializeCriticalSectionAndSpinCount
CreateEventW

user32

GetClientRect
TranslateMessage
PostMessageA
PostQuitMessage
UpdateWindow
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetWindowThreadProcessId
AttachThreadInput
GetForegroundWindow
DefWindowProcA
RegisterClassA
ShowWindow
GetSystemMetrics
LoadCursorA
DispatchMessageA
GetMessageA
InvalidateRect
GetMonitorInfoA
EnumDisplayMonitors
BringWindowToTop
CreateWindowExA

advapi32

CryptSignHashW
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptGenRandom
CryptEnumProvidersW
DeregisterEventSource
CryptDestroyHash
CryptCreateHash

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

shlwapi

ord12
PathFindExtensionA

dwrite

DWriteCreateFactory

d2d1

ord1

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty

ws2_32

WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
recv
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
gethostname
getnameinfo
shutdown
bind
WSASetLastError

wldap32

ord211
ord60
ord50
ord46
ord217
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord301
ord79
ord30
ord200
ord143

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcf05964f585bd4c971e654ece5696f8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

dwrite

d2d1

crypt32

ws2_32

wldap32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 410KB - Virtual size: 410KB

.data Size: 39KB - Virtual size: 71KB

.rsrc Size: 134KB - Virtual size: 133KB

.reloc Size: 67KB - Virtual size: 67KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 410KB - Virtual size: 410KB

.data
Size: 39KB - Virtual size: 71KB

.rsrc
Size: 134KB - Virtual size: 133KB

.reloc
Size: 67KB - Virtual size: 67KB