21e6c0968c1ddfffad76c95b33e2f080N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

21e6c0968c1ddfffad76c95b33e2f080N.exe
Size

493KB
MD5

21e6c0968c1ddfffad76c95b33e2f080
SHA1

d310d8c2cc2b1795b5af767143f78840490b0216
SHA256

b12f35a779e97760005b1fccfcc8e0d911b24c6593fc11b45c88e0c10877d93e
SHA512

be86527a3eb78b6d9ef1f9ed86f29fc27dc77764e04dbc5537e17df91349c29029d30097ed6b3f50261c496855c60b9c9c21581dc7713265cf8e3e6f78710378
SSDEEP

12288:ULsAr1N5OPoi8EfBiibFQc1LHp8pGGQBQX+aMt0LKrPVw+Xk1QdV1w7:asAlOPoQ5zbpwQBQX+3pw+Xk1QzO7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21e6c0968c1ddfffad76c95b33e2f080N.exe

Files

21e6c0968c1ddfffad76c95b33e2f080N.exe
.exe windows:6 windows x86 arch:x86

900625b976b0fdc6d115cf3f616a4d1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sst\proj\motherlode\mc3\develop\Src\Release\DADispatcherService.pdb

Imports

advapi32

DeregisterEventSource
RegCloseKey
ReportEventA
RegSetValueExA
RegisterEventSourceA
RegCreateKeyA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

ws2_32

getnameinfo
getservbyname
gethostbyaddr
gethostbyname
shutdown
inet_addr
getaddrinfo
freeaddrinfo
recvfrom
sendto
WSASend
bind
WSAIoctl
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
accept
listen
ioctlsocket
gethostname
htonl
ntohl
socket
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
closesocket
send
select
WSASetLastError
recv

wldap32

ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143
ord301

normaliz

IdnToAscii

kernel32

GetTickCount64
IsDebuggerPresent
InitializeSListHead
GetModuleHandleW
CreateEventW
GetComputerNameA
GetModuleFileNameA
GlobalFree
GlobalAlloc
TerminateProcess
GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime
CreateEventA
CreateSemaphoreA
TlsFree
TlsGetValue
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
ResetEvent
TlsAlloc
GetCurrentThread
GetFileAttributesW
GetCurrentDirectoryW
FileTimeToSystemTime
CreateFileW
GetFileTime
CloseHandle
lstrlenW
lstrcmpiW
GetTempPathW
GetLastError
SetFileAttributesW
SetLastError
LocalFree
FindFirstFileW
lstrcmpW
FindNextFileW
IsProcessorFeaturePresent
DeleteFileW
GetDiskFreeSpaceExW
GetFileSizeEx
VerSetConditionMask
FreeLibrary
GetProcAddress
LoadLibraryA
VerifyVersionInfoA
FindClose
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
SleepEx
FormatMessageA
WaitForSingleObjectEx
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
MultiByteToWideChar
WideCharToMultiByte
GetACP
TryEnterCriticalSection
TlsSetValue
GetCurrentProcess
ReleaseSemaphore
InitializeCriticalSection
CreateMutexA
WaitForSingleObject
ReleaseMutex
SetEvent

shell32

SHCreateDirectoryExW
SHGetFolderLocation
SHGetFolderPathW
SHGetPathFromIDListW

ole32

CoTaskMemFree

msvcp140

?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AA_K@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?_Xbad_function_call@std@@YAXXZ
?_Incref@facet@locale@std@@UAEXXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
_Wcsxfrm
_Wcscoll
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?id@?$collate@_W@std@@2V0locale@2@A
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?widen@?$ctype@_W@std@@QBE_WD@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_BADOFF@std@@3_JB
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?uncaught_exception@std@@YA_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z

shlwapi

PathAppendW
PathFindExtensionW
PathCanonicalizeW
PathIsRelativeW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW

vcruntime140

_purecall
strstr
strrchr
memcpy
memset
strchr
memmove
__std_exception_copy
__std_exception_destroy
__std_terminate
__CxxFrameHandler3
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__vcrt_InitializeCriticalSectionEx
_CxxThrowException
_except_handler4_common
memchr

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo
_exit
__p___argc
_initialize_onexit_table
_register_onexit_function
__p___wargv
abort
strerror_s
_crt_atexit
_c_exit
_cexit
_seh_filter_exe
_set_app_type
_register_thread_local_exe_atexit_callback
_controlfp_s
terminate
strerror
__sys_nerr
_beginthreadex
_configure_wide_argv
_initialize_wide_environment
_getpid
_get_initial_wide_environment
_initterm
exit
_invalid_parameter_noinfo_noreturn
_initterm_e

api-ms-win-crt-string-l1-1-0

strncpy
_stricmp
towlower
strncat
isgraph
isprint
islower
isupper
towupper
isalnum
_strdup
isspace
isdigit
_strnicmp
strpbrk
isxdigit
isalpha
tolower
wcstok_s
wcscat_s
strncmp
wcscpy_s
iswalpha

api-ms-win-crt-time-l1-1-0

_ftime64_s
_localtime64_s
_gmtime64
_time64
_mktime64

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free
_set_new_mode
realloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
_lseeki64
__stdio_common_vsprintf
_read
_write
_open
_close
fseek
fread
__stdio_common_vsscanf
_set_fmode
fputs
fopen
fgets
fclose
_get_stream_buffer_pointers
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
__stdio_common_vfprintf
__acrt_iob_func
ungetwc
ungetc
fputwc
fputc
fgetwc
fgetc
__p__commode

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_unlock_file
_lock_file
_stat64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtol
atoi
strtoll
strtoul

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr
_except1

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

900625b976b0fdc6d115cf3f616a4d1c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

ws2_32

wldap32

normaliz

kernel32

shell32

ole32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 322KB - Virtual size: 321KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 3KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 81KB - Virtual size: 84KB

.text
Size: 322KB - Virtual size: 321KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 3KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 81KB - Virtual size: 84KB