65d3799373b07a91a34afaba03e21870N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

65d3799373b07a91a34afaba03e21870N.exe
Size

3.9MB
MD5

65d3799373b07a91a34afaba03e21870
SHA1

689cd5598e57482fe065be6310bbf8fe945bd469
SHA256

d794fab3fdac5b64b6d6c410ca2b53260e212b1a3a8675b31bb43f9a297bf95b
SHA512

64915e80d17cfb336c243f05854216e974042552c3d1198a083fe1a58b3c8ad01947694c2684777f36a396bb5fd3a7c4a955dfc31b1e2a801ce91515236533a2
SSDEEP

49152:QzABo7h1wxnxRZV+3IPNY93kuJb2EzgAuyRYfR9D6Et:Q0y7IxnxRhPNEkF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65d3799373b07a91a34afaba03e21870N.exe

Files

65d3799373b07a91a34afaba03e21870N.exe
.exe windows:4 windows x86 arch:x86

6b5506f42dbf6f1abd03f3bc468f66be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dsound

ord1

kernel32

DeleteFileA
GetModuleHandleA
InitializeCriticalSection
Module32Next
ReadFile
CreateFileA
FindFirstFileA
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetFileSize
GetSystemDirectoryA
FindNextFileA
FindClose
GetComputerNameA
WriteFile
SetFilePointer
GetLocalTime
SuspendThread
ResumeThread
GetCurrentThreadId
CreateDirectoryA
CopyFileA
DeleteCriticalSection
TerminateThread
GetExitCodeThread
WaitForSingleObject
SetThreadPriority
_lwrite
_lclose
_lcreat
CompareFileTime
GlobalFree
GlobalAlloc
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
IsDBCSLeadByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
TerminateProcess
LocalFree
LocalAlloc
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetLastError
LoadLibraryA
OutputDebugStringA
GetModuleFileNameA
GetCurrentProcess
SetUnhandledExceptionFilter
SetEnvironmentVariableA
VirtualQuery
GetSystemInfo
VirtualProtect
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetFileType
GetStdHandle
SetHandleCount
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue
SetLastError
TlsFree
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
HeapAlloc
RaiseException
HeapFree
ExitProcess
lstrcmpA
lstrcpyA
lstrcatA
CreateThread
GetCurrentThread
GetTickCount
Sleep
EnterCriticalSection
LeaveCriticalSection
ExitThread
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
SetEndOfFile
CreateEventA
SetEvent
ResetEvent
GetSystemDefaultLangID
FreeLibrary

user32

CallWindowProcA
DrawTextA
wsprintfA
CharLowerA
SetPropA
RemovePropA
SetRectEmpty
SendMessageA
GetPropA
PostMessageA
DefWindowProcA
PostQuitMessage
SetFocus
GetForegroundWindow
ReleaseDC
LoadBitmapA
GetDC
DispatchMessageA
TranslateMessage
PeekMessageA
SetForegroundWindow
SetWindowPos
SetTimer
SetWindowLongA
GetWindowRect
GetDesktopWindow
ShowCursor
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassA
SetWindowTextA
LoadCursorA
LoadIconA
GetClassNameA
EnumWindows
FindWindowA
OffsetRect
ClientToScreen
CopyRect
GetClassInfoA
UnregisterClassA
GetSystemMetrics
GetClientRect
GetWindowTextA
MessageBoxA
GetKeyState

gdi32

GetTextExtentPoint32A
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
TextOutA
DeleteObject
CreateFontA
SelectObject
SetTextColor
GetDIBits
GetObjectA
CreateDCA
BitBlt
SetBkMode

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CLSIDFromString
CoInitialize

oleaut32

VariantInit
VariantClear
SysAllocString

ddraw

DirectDrawCreate

winmm

mixerSetControlDetails
timeEndPeriod
timeKillEvent
timeSetEvent
timeBeginPeriod
mmioClose
mmioAscend
mmioRead
mmioDescend
mmioOpenA
mmioSeek
mmioSetInfo
mmioAdvance
mmioGetInfo
mixerClose
mixerOpen
mixerGetDevCapsA
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
timeGetTime

shlwapi

PathFileExistsA

wininet

HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetQueryDataAvailable

imm32

ImmSetConversionStatus
ImmGetContext
ImmSetOpenStatus

wsock32

setsockopt
accept
WSACleanup
select
inet_addr
closesocket
WSAGetLastError
recv
inet_ntoa
htons
send
WSAAsyncSelect
connect
ioctlsocket
socket
WSAStartup
getsockname
gethostbyname

Exports

Exports

SetExtChangeZip
UnZipData
UnZipDataToDirectory
UnZipDataToFile
UnZipFile
ZipData
ZipFile
_CloseD3d@0
_InitD3D@4
_smPlayD3D@24
fcEXP

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 62.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b5506f42dbf6f1abd03f3bc468f66be

Headers

File Characteristics

Imports

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ddraw

winmm

shlwapi

wininet

imm32

wsock32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 220KB - Virtual size: 216KB

.data Size: 1.1MB - Virtual size: 62.3MB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 220KB - Virtual size: 216KB

.data
Size: 1.1MB - Virtual size: 62.3MB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB