0a870e3235fe528ee9256e38df47e3e0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0a870e3235fe528ee9256e38df47e3e0N.exe
Size

3.7MB
MD5

0a870e3235fe528ee9256e38df47e3e0
SHA1

f1fecea4571de019885316e3fde7517697da1ea6
SHA256

653c7b69b9786c7b660caf54a720ad5c8248d0ce00968b545aa29f511d455cd8
SHA512

4b4373c1cec41578238c41988406cd1c289942f4f1d829bffc974a078d0e22d5b98e8a937b33f72e172227358774b73cbfe5242174d47c1a8214086a92231b8d
SSDEEP

49152:Hyv+ibLAUBkrKfjSccsmhI/ztLppP21KYpqGIHinp3PPfqWf40DeTKHrQCBuYUbN:HygUGrqNztL/P28Yci3SWfReT2uH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a870e3235fe528ee9256e38df47e3e0N.exe

Files

0a870e3235fe528ee9256e38df47e3e0N.exe
.dll windows:6 windows x86 arch:x86

36000368c31936c75090b7cb76d5f52b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

H:\NSP\Loader_cmd_batch\Release_DBGServer\LoaderDll.pdb

Imports

kernel32

LocalFree
WritePrivateProfileStringA
GetModuleHandleExA
OutputDebugStringW
FlushFileBuffers
GetModuleHandleA
GetModuleHandleW
CreateProcessW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
CreateToolhelp32Snapshot
WideCharToMultiByte
lstrcmpiW
Process32NextW
OpenEventA
CreateThread
LocalAlloc
MultiByteToWideChar
WriteFile
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
K32EnumProcesses
QueryFullProcessImageNameA
OpenProcess
GetCurrentProcess
TerminateProcess
FindResourceA
LoadResource
SizeofResource
LockResource
GetCurrentThreadId
DeleteCriticalSection
TerminateThread
WaitForMultipleObjects
SetEvent
WaitForSingleObject
ResetEvent
CreateEventW
InitializeCriticalSection
CloseHandle
GetLastError
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesA
Sleep
GlobalUnlock
GlobalLock
WriteConsoleW
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
Process32FirstW
GlobalAlloc
GetACP
IsValidCodePage
FindFirstFileExW
GetFileAttributesExW
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
HeapSize
GetTimeZoneInformation
HeapReAlloc
MoveFileExW
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetConsoleCP
ExitProcess
SetConsoleCtrlHandler
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleFileNameW
FormatMessageW
TryEnterCriticalSection
EncodePointer
DecodePointer
RaiseException
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetThreadTimes
SleepEx
ExpandEnvironmentStringsA
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
FormatMessageA
VerSetConditionMask
GetSystemDirectoryA
VerifyVersionInfoA
GetModuleHandleExW
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
InterlockedExchangeAdd
InterlockedCompareExchange
GetVersion
CreateFiber
DeleteFiber
SwitchToFiber
GetCurrentProcessId
ConvertThreadToFiber
ConvertFiberToThread
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread

user32

MessageBoxW
GetProcessWindowStation
TranslateAcceleratorW
GetMessageW
GetUserObjectInformationW
DispatchMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxA
FindWindowW
GetWindowThreadProcessId
wsprintfW
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
LoadCursorW
RegisterClassExW
CreateWindowExW
ShowWindow
UpdateWindow
SetTimer
TranslateMessage

advapi32

CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext
CryptSignHashW
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyHash
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptEnumProvidersW

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHCreateDirectoryExA

oleaut32

BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
BSTR_UserSize
SysStringLen
SysAllocString

iphlpapi

GetAdaptersInfo

ws2_32

WSACloseEvent
closesocket
WSACleanup
inet_pton
htons
WSAStartup
WSASocketW
setsockopt
bind
listen
WSACreateEvent
__WSAFDIsSet
WSASetLastError
recv
send
connect
getpeername
getsockname
getsockopt
ntohs
socket
WSAIoctl
getaddrinfo
freeaddrinfo
accept
recvfrom
sendto
ioctlsocket
gethostname
getnameinfo
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAAccept
WSARecv
WSASend
WSAGetLastError
select
shutdown

wldap32

ord301
ord46
ord211
ord60
ord50
ord41
ord200
ord26
ord27
ord32
ord33
ord30
ord35
ord22
ord79
ord143

shlwapi

PathStripPathA
PathFileExistsA
PathFileExistsW
PathRemoveFileSpecA

rpcrt4

RpcServerRegisterIf
RpcServerListen
NdrServerCall2
RpcServerUseProtseqEpA

crypt32

CertGetCertificateContextProperty
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext

Exports

Exports

Start

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 629KB - Virtual size: 629KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 784KB - Virtual size: 784KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36000368c31936c75090b7cb76d5f52b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

oleaut32

iphlpapi

ws2_32

wldap32

shlwapi

rpcrt4

crypt32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 629KB - Virtual size: 629KB

.data Size: 40KB - Virtual size: 60KB

.rsrc Size: 784KB - Virtual size: 784KB

.reloc Size: 107KB - Virtual size: 106KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 629KB - Virtual size: 629KB

.data
Size: 40KB - Virtual size: 60KB

.rsrc
Size: 784KB - Virtual size: 784KB

.reloc
Size: 107KB - Virtual size: 106KB