1771ae2a9625af76386b346e2da84300N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1771ae2a9625af76386b346e2da84300N.exe
Size

40KB
MD5

1771ae2a9625af76386b346e2da84300
SHA1

9031fb50b26b3f5fd3b32916ee1383cf733e4d26
SHA256

a5d453d4a88f8193c06141ee2e39779587691cbef54b13e5deebe43126766d88
SHA512

3517e6f869783c89854fae535ec24dd9d8ab37eefba35c687b9030a60e4af5f1d574bc3c1027ec5d0a8937b44404d5088e7bc09b9bf8f25f1e0c2c6e81ce739e
SSDEEP

768:W9Mquv32xA9D7pKs6FP94AY8QWLGGR0OJgterRmyeNRrbezmHK:UMzv3Z/0sOuAY8XrWtepeNRr2m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1771ae2a9625af76386b346e2da84300N.exe

Files

1771ae2a9625af76386b346e2da84300N.exe
.dll windows:6 windows x86 arch:x86

a981a22bcfcdcefd27db1be36d1accb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SOFTBASE\CEF\xFrame5Browser_x86\build\third_party\cef\cef_binary_79.1.29+ga5bf6d5+chromium-79.0.3945.117_windows32\tests\cefclient\Release\XPlusBrowserUdpComm.pdb

Imports

mfc140u

ord9139
ord11726
ord11725
ord5652
ord10288
ord10284
ord10286
ord10287
ord10285
ord14785
ord2761
ord8210
ord3302
ord3305
ord13756
ord6220
ord2439
ord7653
ord995
ord1472
ord7997
ord2303
ord6860
ord10250
ord5763
ord12928
ord12219
ord12251
ord10433
ord8217
ord4589
ord12247
ord12239
ord5918
ord3852
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord8000
ord12531
ord14466
ord11983
ord1770
ord2034
ord7941
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord12542
ord12541
ord2486
ord5357
ord8324
ord12865
ord8386
ord8470
ord324
ord1052
ord963
ord1440
ord2897
ord2508
ord2563
ord3144
ord6940
ord13113
ord12488
ord11198
ord6828
ord1726
ord12487
ord13098
ord11310
ord11031
ord8890
ord9269
ord9172
ord3017
ord12490
ord13115
ord10751
ord12252
ord1756
ord12089
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord13703
ord5935
ord2682
ord12124
ord3941
ord3372
ord3371
ord3265
ord12168
ord5249
ord5549
ord5760
ord9350
ord5525
ord5790
ord5252
ord5411
ord5228
ord6129
ord7722
ord7723
ord7712
ord5409
ord8219
ord10255
ord9209
ord6865
ord12693
ord8507
ord1703
ord1657
ord1511
ord12597
ord6177
ord1184
ord553
ord1476
ord1002
ord8757
ord5586
ord5583
ord4735
ord4715
ord1144
ord503
ord290
ord3849
ord3838
ord11936
ord14588
ord8965
ord12220
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord286
ord4815
ord1045
ord296
ord5109
ord2385
ord2389
ord1525
ord1722
ord1777
ord1744
ord266
ord265
ord11982
ord1514
ord325
ord1053
ord2365
ord2246
ord2408
ord2411
ord2376
ord2410
ord485
ord2268
ord2374
ord2184
ord2300
ord2399
ord1513

kernel32

GetSystemTimeAsFileTime
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
FormatMessageW
GetLastError
GetModuleFileNameW
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
CreateDirectoryW
DeleteFileW
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
CreateEventW
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
OutputDebugStringW
GetCurrentThreadId

user32

EnableWindow
PostMessageW
IsWindow

ole32

CoCreateGuid

ws2_32

WSAGetLastError
WSAStartup
inet_ntoa
gethostbyname
gethostname
socket
setsockopt

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
memset
wcsstr
__std_terminate
__CxxFrameHandler3
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vfwprintf
fflush
_wfopen_s
fwrite
fclose

api-ms-win-crt-string-l1-1-0

wcsncmp
wcsncpy_s
wcscpy_s

api-ms-win-crt-time-l1-1-0

_localtime64_s
wcsftime
_time64

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_crt_atexit
_initialize_narrow_environment
_cexit
_initterm
_initterm_e
_configure_narrow_argv
_seh_filter_dll
_initialize_onexit_table

Exports

Exports

xuc_CloseSocket
xuc_Destroy
xuc_GetData
xuc_GetPortNo
xuc_InitXPlusUdpComm
xuc_OpenSocket
xuc_SendData
xuc_SetLogFlag
xuc_SetUtf8Flag

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a981a22bcfcdcefd27db1be36d1accb8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140u

kernel32

user32

ole32

ws2_32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB