1981cdd4ddcd89d57388595de8d8c7c0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1981cdd4ddcd89d57388595de8d8c7c0N.exe
Size

28KB
MD5

1981cdd4ddcd89d57388595de8d8c7c0
SHA1

b5926f14d593e71679b4a31d51110b55c4e1887b
SHA256

ff94ec8de8e404b8e0152181e913c941815a9880b9303655461ca05e2909a086
SHA512

3a206e1f355141583a78822a878274453479e12dfc83c93015ac77897ac52045f553c0a5d5218e1df659a9d8529a63dc8474d7aa905f1bf363327de5c1ebb6ec
SSDEEP

384:WuEp6c/Ci3eiyemCI7hs5mB74VgfmjGgl2lMm+bh3UYbL6r4DxtmXnWOTst0Yvrb:WnaBjC4xsgez5Xh31bmsjgsKP4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1981cdd4ddcd89d57388595de8d8c7c0N.exe

Files

1981cdd4ddcd89d57388595de8d8c7c0N.exe
.dll windows:5 windows x86 arch:x86

384f74b0aff817ba94c17c8b0ddf05d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

utildll.pdb

Imports

msvcrt

wcsstr
wcscmp
_wcsicmp
wcsrchr
wcscat
strncpy
strstr
_initterm
_adjust_fdiv
free
wcscpy
malloc
_snwprintf
_wcslwr
fprintf
_iob
wcsncpy
_wcsnicmp
_except_handler3
wcslen

ntdll

RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlExtendedLargeIntegerDivide
RtlAllocateAndInitializeSid
RtlFreeSid
NtQueryVolumeInformationFile

winsta

WinStationQueryInformationW

kernel32

DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalFree
lstrcatW
FreeLibrary
LocalAlloc
FormatMessageW
GetModuleHandleW
LoadLibraryW
lstrlenW
SetLastError
lstrcpyW
lstrcmpiW
SetDefaultCommConfigW
CommConfigDialogW
GetDefaultCommConfigW
CloseHandle
CreateFileW
MultiByteToWideChar
GetLastError
GetTimeFormatW
GlobalFree
GlobalAlloc
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocalTime
WideCharToMultiByte
SystemTimeToFileTime
QueryDosDeviceW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

advapi32

GetLengthSid
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExA
LookupAccountSidW
CheckTokenMembership
LsaFreeMemory
RegEnumValueW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
RegCloseKey

user32

LoadStringW
wsprintfW
SetCursor
LoadCursorW
MessageBoxW
wvsprintfW
LoadStringA

tapi32

lineGetDevCapsA
lineInitializeExA
lineNegotiateAPIVersion
lineShutdown

setupapi

SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW

shlwapi

wnsprintfW

netapi32

NetGetAnyDCName
NetLocalGroupGetMembers
NetApiBufferFree
NetServerGetInfo
NetServerEnum

Exports

Exports

AsyncDeviceEnumerate
CachedGetUserFromSid
CalculateDiffTime
CalculateElapsedTime
CompareElapsedTime
ConfigureModem
CtxGetAnyDCName
CurrentDateTimeString
DateTimeString
ElapsedTimeString
EnumerateMultiUserServers
FormDecoratedAsyncDeviceName
GetAssociatedPortName
GetSystemMessageA
GetSystemMessageW
GetUnknownString
GetUserFromSid
HaveAnonymousUsersChanged
InitializeAnonymousUserCompareList
InstallModem
IsPartOfDomain
NetBIOSDeviceEnumerate
NetworkDeviceEnumerate
ParseDecoratedAsyncDeviceName
QueryCurrentWinStation
RegGetNetworkDeviceName
RegGetNetworkServiceName
SetupAsyncCdConfig
StandardErrorMessage
StrAsyncConnectState
StrConnectState
StrProcessState
StrSdClass
StrSystemWaitReason
TestUserForAdmin
WinEnumerateDevices

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

384f74b0aff817ba94c17c8b0ddf05d3

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

winsta

kernel32

advapi32

user32

tapi32

setupapi

shlwapi

netapi32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB