1da8ad8125a5f45b6a238c6129612a10N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1da8ad8125a5f45b6a238c6129612a10N.exe
Size

451KB
MD5

1da8ad8125a5f45b6a238c6129612a10
SHA1

d988ba713098104355c4c31c2064c0d92b5658a0
SHA256

ba3ddb8d886d7be83aeeeab2e0ae084a1c0002c87c6ff8829c012bde904ea1f7
SHA512

cfc781c0d11db0fad2cdf1e4bf852b751562d1b51daa58a70097812bfa4c33790fd66904824ea3f7a8e043041fc3516a2ed6c0b9c2302c07c66f6329d0194e57
SSDEEP

12288:gyJHEAjvA3zlsBmOHmYdYuw68YqA4TdDMw4:gkkSvnmOHzYuw6w1Mw4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1da8ad8125a5f45b6a238c6129612a10N.exe

Files

1da8ad8125a5f45b6a238c6129612a10N.exe
.dll windows:4 windows x86 arch:x86

f838add7042f145385b6fe38f9e49e3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\oms\x86\ship\0\omsxp32.pdb

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
free
_vsnwprintf
towlower
_encoded_null
_malloc_crt
_encode_pointer
fopen_s
fwprintf_s
fclose
vsprintf_s
wcscpy_s
wcsrchr
_vscwprintf
vswprintf_s
_CxxThrowException
memmove
__CxxFrameHandler3
memset
memcpy

advapi32

RegQueryValueExA
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExA

mapi32

ord19
ord36
ord42
ord60
ord61
ord137
ord183
ord13
ord15
ord135
ord17
ord75
ord140
ord11

kernel32

GetSystemDirectoryW
LoadLibraryExW
LoadLibraryA
LocalAlloc
GetFileAttributesW
GetUserDefaultLangID
GetModuleFileNameW
WriteFile
GetLocalTime
CreateDirectoryW
GetTempPathW
GetUserDefaultLCID
TlsAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
HeapAlloc
HeapFree
GetTempPathA
GetTempFileNameA
CreateProcessA
GetProcessHeap
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetTimeFormatW
GetDateFormatW
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
GetProcAddress
GetModuleHandleW
LoadLibraryW
FreeLibrary
CompareFileTime
SetThreadPriority
GetThreadPriority
GetCurrentThread
MulDiv
GetLastError
RaiseException
GetCurrentProcessId
TlsFree
TlsGetValue
TlsSetValue
Sleep
CloseHandle
GetCurrentThreadId
VirtualProtect
QueryPerformanceCounter
GetTickCount

ole32

CoCreateInstance
StringFromGUID2
CoFileTimeNow
CLSIDFromString
CoGetClassObject

user32

GetForegroundWindow
GetActiveWindow
CopyRect

crypt32

CryptProtectData
CryptUnprotectData

Exports

Exports

ABProviderInit
OMSAbpServiceEntry
OMSTpServiceEntry
XPProviderInit

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 277KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f838add7042f145385b6fe38f9e49e3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr80

advapi32

mapi32

kernel32

ole32

user32

crypt32

Exports

Exports

Sections

.text Size: 166KB - Virtual size: 165KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 277KB - Virtual size: 280KB

.text
Size: 166KB - Virtual size: 165KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 277KB - Virtual size: 280KB