23cd5b366cc70348e84b94e0b8f9d520N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

23cd5b366cc70348e84b94e0b8f9d520N.exe
Size

101KB
MD5

23cd5b366cc70348e84b94e0b8f9d520
SHA1

e7420953cb6eafaf39fb164b2e65c7acefb21af6
SHA256

7220d93e7feb065ce10f7bb498fdcfc881d02f4c898596ef9ba6138a389ac700
SHA512

29c6360b3dd155e8ffbe3b35ea808dcb1da53840b65f289bc0aae19de3c80f32be0332c1890ca3c33171caf6574191983b6c9877ffa20379a27b34961fd1e0ea
SSDEEP

3072:znlndwnJsq/E5wePjxskLnwIG1kTPMDCRemXuqL+OmOoF:znlndwnJsq/E5wePjykLnwIacMDCRemY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23cd5b366cc70348e84b94e0b8f9d520N.exe

Files

23cd5b366cc70348e84b94e0b8f9d520N.exe
.exe windows:4 windows x86 arch:x86

678052182df767e8112585e5809c7f34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

GetStockObject

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCommandLineW
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__initenv
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_exit
_initterm
_iob
_ismbblead
_onexit
_snwprintf
abort
calloc
exit
fprintf
free
fwrite
iswctype
malloc
memcpy
memset
signal
strcmp
strlen
strncmp
vfprintf
wcschr
wcscmp
wcslen
wcsncpy

libwinpthread-1

pthread_attr_init
pthread_create
pthread_getclean

user32

CreateWindowExW
DefWindowProcW
DestroyWindow
LoadIconW
PostMessageW
RegisterClassW

libswipl

PL_action
PL_atom_chars
PL_atom_generator_w
PL_call_predicate
PL_cons_list
PL_copy_term_ref
PL_discard_foreign_frame
PL_domain_error
PL_exception
PL_get_arg_sz
PL_get_atom_ex
PL_get_bool_ex
PL_get_chars
PL_get_integer_ex
PL_get_list
PL_get_name_arity_sz
PL_get_nil_ex
PL_get_wchars
PL_halt
PL_handle_signals
PL_initialise
PL_is_functor
PL_malloc
PL_new_atom
PL_new_functor_sz
PL_new_module
PL_new_term_ref
PL_on_halt
PL_open_foreign_frame
PL_predicate
PL_prompt_next
PL_query
PL_realloc
PL_register_atom
PL_register_extensions_in_module
PL_register_foreign_in_module
PL_reset_term_refs
PL_set_prolog_flag
PL_thread_attach_engine
PL_thread_destroy_engine
PL_toplevel
PL_ttymode
PL_type_error
PL_unify
PL_unify_nil
PL_unify_stream
PL_unify_wchars
PL_unregister_atom
PL_w32thread_raise
PL_win_message_proc
PL_write_prompt
S__iob
Sclose
Sdprintf
Snew
Sset_exception
_PL_get_arg_sz
_PL_streams

plterm

getkey
rlc_add_history
rlc_close
rlc_color
rlc_complete_hook
rlc_create_console
rlc_for_history
rlc_get
rlc_hinstance
rlc_hwnd
rlc_init_history
rlc_insert_menu
rlc_insert_menu_item
rlc_interrupt_hook
rlc_main
rlc_menu_hook
rlc_message_hook
rlc_read
rlc_set
rlc_title
rlc_window_pos
rlc_write

Exports

Exports

PL_current_console
PL_set_menu_thread

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 412B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

678052182df767e8112585e5809c7f34

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

msvcrt

libwinpthread-1

user32

libswipl

plterm

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 160B

.rdata Size: 3KB - Virtual size: 3KB

/4 Size: 4KB - Virtual size: 4KB

.bss Size: - Virtual size: 412B

.edata Size: 512B - Virtual size: 112B

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 68KB - Virtual size: 68KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 160B

.rdata
Size: 3KB - Virtual size: 3KB

/4
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 412B

.edata
Size: 512B - Virtual size: 112B

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 68KB - Virtual size: 68KB

.reloc
Size: 1KB - Virtual size: 1KB