65477955eaf9d9aff5a1d197b1e3dd90N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

65477955eaf9d9aff5a1d197b1e3dd90N.exe
Size

1.7MB
MD5

65477955eaf9d9aff5a1d197b1e3dd90
SHA1

6867af1408740827104f85b367fae05a476ba5f6
SHA256

aeccc35caf289fa8195b0789336cfc4412235b19a3535dd168a685f9e93d5e72
SHA512

c9804b95cee944c05ba3d5c7c65e31d852913448a14b0c8d1c4ecccb911ac1b33d03e4f3df1180b1a25bd3184e78a4c75cebf6d03ec258630d6e6bf6d4bdffb2
SSDEEP

49152:34L9I40Lb+327yIilaHVJvyQUCrUzCMKs/kQ/qoLEw:Yt0LaeszHqo4w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65477955eaf9d9aff5a1d197b1e3dd90N.exe

Files

65477955eaf9d9aff5a1d197b1e3dd90N.exe
.exe windows:10 windows x64 arch:x64

6a840264af48ca7007fb34628adce302

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WMPNetwk.pdb

Imports

advapi32

EventRegister
EventUnregister
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventWrite
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCloseKey
CreateServiceW
RegOpenKeyExW
ChangeServiceConfig2W
QueryServiceStatusEx
ControlService
DeleteService
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CopySid
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
MakeAbsoluteSD
InitializeSecurityDescriptor
GetNamedSecurityInfoW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegNotifyChangeKeyValue
ConvertStringSidToSidW
RegCreateKeyExW
RegSetKeySecurity
RegEnumKeyExW
RegGetValueW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetEntriesInAclW
ConvertSidToStringSidW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
LsaOpenPolicy
LsaLookupNames2
LsaFreeMemory
LsaClose
SetSecurityDescriptorControl
GetAce
EqualSid
StartServiceW
ChangeServiceConfigW
SetSecurityInfo
LookupAccountSidW
GetSecurityInfo

kernel32

EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
HeapFree
IsDebuggerPresent
CompareStringOrdinal
SetProcessWorkingSetSize
ResetEvent
IsWow64Process
lstrcmpW
GetModuleFileNameW
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
ChangeTimerQueueTimer
CreateTimerQueueTimer
FindResourceW
CompareStringA
GetFullPathNameW
MultiByteToWideChar
MulDiv
RegisterWaitForSingleObject
UnregisterWaitEx
FormatMessageW
CreateThread
WaitForMultipleObjects
GetStringTypeExW
IsProcessorFeaturePresent
lstrcmpiW
GetComputerNameW
GetDynamicTimeZoneInformation
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesExW
TzSpecificLocalTimeToSystemTime
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
WideCharToMultiByte
LocalAlloc
GetVersionExW
GetCurrentProcess
GetTempPathW
LocalFree
PowerClearRequest
RaiseException
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
HeapSetInformation
SizeofResource
GetProcessMitigationPolicy
GetModuleHandleExW
GetVersionExA
LoadLibraryExW
FreeLibrary
GetProcAddress
LoadLibraryW
RegQueryInfoKeyW
RegGetKeySecurity
OutputDebugStringA
GetModuleHandleW
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
PowerSetRequest
GetTickCount64
WaitForSingleObject
CreateEventW
GetTickCount
Sleep
PowerCreateRequest
SetLastError
FindResourceExW
LockResource
LoadResource
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetLastError
SetEvent
OpenEventW
GetProductInfo
CompareStringW

msvcrt

??1type_info@@UEAA@XZ
realloc
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
wcsrchr
strchr
__setusermatherr
memcmp
_i64tow_s
_ltow_s
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memcpy
_ui64tow_s
iswalpha
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
floor
ceil
memmove
_callnewh
memset
_time64
strncpy_s
strcpy_s
wcschr
_strlwr_s
strncmp
_ultoa_s
_ultow_s
_wtol
_wtoi
_wcsicmp
_vsnwprintf
swscanf
wcsstr
wcstol
_wcslwr_s
_wcsnicmp
wcsncmp
iswdigit
towupper
_wcstoui64
wcstoul
_errno
_purecall
qsort_s
calloc
bsearch
malloc
wcscpy_s
free
_wputenv
memmove_s
memcpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
_CxxThrowException
wcscmp

user32

RegisterPowerSettingNotification
wvsprintfW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
CharUpperW
CharUpperBuffW
wvsprintfA
UnregisterClassA
UnregisterPowerSettingNotification

oleaut32

VariantClear
LoadRegTypeLi
SafeArrayCreate
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysAllocStringLen
SafeArrayCopy
SysStringLen
SafeArrayDestroy
SysFreeString
VarBstrCmp
VariantChangeTypeEx
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SetErrorInfo
CreateErrorInfo

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
IIDFromString
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
CLSIDFromProgID
CoTaskMemAlloc
CoUnmarshalInterface
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
PropVariantClear
CoInitializeSecurity
CoInitializeEx

wsock32

WSAGetLastError
inet_addr
ntohs
htons

shell32

SHCreateItemFromParsingName
SHGetKnownFolderPath
SHCreateItemWithParent

iphlpapi

GetAdaptersAddresses
GetBestInterfaceEx
ResolveIpNetEntry2
NotifyIpInterfaceChange
GetIpNetEntry2
CancelIPChangeNotify
NotifyAddrChange
CancelMibChangeNotify2
SendARP
GetIpForwardTable
GetIpAddrTable

shlwapi

PathRemoveExtensionW
ord219
ord437
ord168
PathFindFileNameW
PathFindExtensionW
PathCreateFromUrlW
StrChrW

ntdll

RtlNtStatusToDosError
RtlInitUnicodeString
RtlInitString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeUnicodeString
NtAllocateLocallyUniqueId
RtlIpv4StringToAddressExW

userenv

UnregisterGPNotification
RegisterGPNotification

netapi32

NetApiBufferFree
NetGetJoinInformation
NetShareGetInfo

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW

propsys

PSGetPropertyDescriptionByName
InitPropVariantFromCLSID
PSGetPropertyKeyFromName
PropVariantToString
PropVariantToStringAlloc

gdi32

DeleteObject

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 846KB - Virtual size: 845KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6a840264af48ca7007fb34628adce302

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

user32

oleaut32

ole32

wsock32

shell32

iphlpapi

shlwapi

ntdll

userenv

netapi32

wtsapi32

propsys

gdi32

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 846KB - Virtual size: 845KB

.rdata Size: 194KB - Virtual size: 193KB

.data Size: 14KB - Virtual size: 23KB

.pdata Size: 23KB - Virtual size: 22KB

.didat Size: 512B - Virtual size: 368B

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 846KB - Virtual size: 845KB

.rdata
Size: 194KB - Virtual size: 193KB

.data
Size: 14KB - Virtual size: 23KB

.pdata
Size: 23KB - Virtual size: 22KB

.didat
Size: 512B - Virtual size: 368B

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 572KB - Virtual size: 576KB