4a96efd6406543a044cfbd72cf7f1300N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4a96efd6406543a044cfbd72cf7f1300N.exe
Size

1.1MB
MD5

4a96efd6406543a044cfbd72cf7f1300
SHA1

66a3a0c6b49148a8a8f6d93240fbb79077f9df46
SHA256

149e5f9cae1deffd03fed1888f6936e2ee5a90c2562a169561a99a06f6d01fc0
SHA512

88c4ed53844e6271f311fcca311101bf9f21c13e12d85e864d95a9f6554cd29e246d99afd4ac5d5740b16b93284f7240523b1aceb40a3370514a9b9d69d9b5d0
SSDEEP

6144:YmwihUtq2WZTUVbaVfXKccMtAO9qUpuGViQid:YhihUFVbaVfXrXqU7iQid

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a96efd6406543a044cfbd72cf7f1300N.exe

Files

4a96efd6406543a044cfbd72cf7f1300N.exe
.exe windows:5 windows x86 arch:x86

09f49178b1a25c409e88defc8285590e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\nzx3r\Desktop\тут все\access\Release\access.pdb

Imports

kernel32

GlobalFree
CloseHandle
GlobalLock
CopyFileW
OpenMutexW
GlobalUnlock
HeapSize
WriteConsoleW
SetStdHandle
GlobalAlloc
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetLastError
CreateMutexW
GetModuleFileNameW
CreateDirectoryW
FindNextFileA
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
WriteFile
GetACP
HeapAlloc
HeapReAlloc
HeapFree
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
SetFilePointerEx
FindClose
FindFirstFileExA
CreateFileW

user32

DefWindowProcW
SetClipboardViewer
CreateWindowExW
SendMessageW
OpenClipboard
DispatchMessageW
GetMessageW
CloseClipboard
EmptyClipboard
RegisterClassW
TranslateMessage
GetClipboardData
SetClipboardData
PostQuitMessage
ChangeClipboardChain

advapi32

RegSetValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09f49178b1a25c409e88defc8285590e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 178KB - Virtual size: 178KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 178KB - Virtual size: 178KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 10KB - Virtual size: 10KB