125368feaae97084d5e5eaffacbbe950N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

125368feaae97084d5e5eaffacbbe950N.exe
Size

196KB
MD5

125368feaae97084d5e5eaffacbbe950
SHA1

9d29b4e02bef0f9685a958c91ad2a1f0706aee97
SHA256

088c951db9c29ce5d9d1f544129e0ea8c91a8b8aadb89a6c9bd4903111e45719
SHA512

351776334cb9da41c6372f59ffe56942c599549aa39efc39cb96518eff70ed51360961f04acb8156231c3fc971ad028c649e97abb6432fcda452e84edbc3648d
SSDEEP

3072:L+S/JEZq2K2upzRDpkWr4jPoRbSQPwqIN0YCmoWOihpcQcIkXBJi7cuQ:5y0l2ulnkWrmgZWWihpcHi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
125368feaae97084d5e5eaffacbbe950N.exe

Files

125368feaae97084d5e5eaffacbbe950N.exe
.dll windows:10 windows x86 arch:x86

adfa4ceb475544ed7a3c0fb8598bd5ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

olesvr32.pdb

Imports

msvcrt

_vsnwprintf
??3@YAXPAX@Z
_purecall
_errno
wcsncmp
memcpy
memcmp
memmove
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
memset

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
lstrcmpA
GetCurrentThreadId
VirtualQuery
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
IsDebuggerPresent
IsWow64Process
DebugBreak
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitOnceComplete
GetCurrentThread
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
lstrcmpiA
GlobalSize
GlobalGetAtomNameA
GlobalUnlock
GlobalFindAtomA
GlobalLock
GlobalFree
GlobalAlloc
GlobalAddAtomA
Sleep
GetLastError
FormatMessageW
ReleaseMutex
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
GlobalDeleteAtom
LocalUnlock
LocalFree
LocalAlloc
LocalLock
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError

advapi32

SetThreadToken
RegOpenKeyExA
EventUnregister
OpenThreadToken
OpenProcessToken
RegOpenUserClassesRoot
EventSetInformation
EventRegister
RegQueryValueExA
EventWriteTransfer
RegCloseKey

user32

GetParent
GetWindowLongA
SetTimer
PostMessageA
UnpackDDElParam
PackDDElParam
SendMessageA
CreateWindowExA
DefWindowProcA
EnumPropsA
SetWindowLongA
IsWindow
RegisterClassA
RegisterClipboardFormatA
GetWindowThreadProcessId
SetPropA
GetClassNameA
KillTimer
GetDesktopWindow
RemovePropA
GetPropA
SetWindowWord
EnumChildWindows
FreeDDElParam
DestroyWindow
GetWindow

gdi32

CopyMetaFileA
CreateBitmap
GetBitmapBits
DeleteEnhMetaFile
DeleteObject
DeleteMetaFile
GetObjectA
SetBitmapBits
CopyEnhMetaFileA

ntdll

EtwTraceMessage

Exports

Exports

DeleteClientInfo
DocWndProc
EnumForTerminate
FindItemWnd
ItemCallBack
ItemWndProc
OleBlockServer
OleQueryServerVersion
OleRegisterServer
OleRegisterServerDoc
OleRenameServerDoc
OleRevertServerDoc
OleRevokeObject
OleRevokeServer
OleRevokeServerDoc
OleSavedServerDoc
OleUnblockServer
SendDataMsg
SendRenameMsg
SrvrWndProc
TerminateClients
TerminateDocClients
WEP

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adfa4ceb475544ed7a3c0fb8598bd5ce

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

gdi32

ntdll

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 143KB - Virtual size: 142KB

.text
Size: 46KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 143KB - Virtual size: 142KB