af43877f159c5be298ed1db912c06680N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

af43877f159c5be298ed1db912c06680N.exe
Size

480KB
MD5

af43877f159c5be298ed1db912c06680
SHA1

28f9efd630a0140524c076938782513562ca0b58
SHA256

7fa52bb578179cac2fa86558e1deee3df3a2e3f2357e20a62f79eddd89aed830
SHA512

a1181b0939417732425bd8ab1dc27a31c5a564d7b10f999760fc74ebb7c48caf1ff884c5e714b22b74733e9f2f019e75271f920256ac6d22831040f65520a98c
SSDEEP

6144:Dn5w5svOpPVNEc7qvIe3Wt3SuF993h36WLZFHfl9:D5yZpP7mvIe3LM9CWNRfl9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af43877f159c5be298ed1db912c06680N.exe

Files

af43877f159c5be298ed1db912c06680N.exe
.exe windows:6 windows x86 arch:x86

afeb478e1c57ba16cc9beaacb6c8ff25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\masnakano\Documents\Visual Studio 2013\Projects\FAccLogServer 1.78s FP102ULTベース\Release\FAccLogUltimate.pdb

Imports

kernel32

WideCharToMultiByte
Sleep
CreateEventA
GetFileAttributesA
LeaveCriticalSection
CreateProcessA
FileTimeToSystemTime
ReadFile
GetSystemDirectoryA
GetOverlappedResult
FlushFileBuffers
GetFileSizeEx
FindFirstFileA
GetLastError
SetLastError
EnterCriticalSection
FindClose
GetPrivateProfileStringA
GetLocalTime
WritePrivateProfileStringA
CreatePipe
GetModuleFileNameA
GetCurrentDirectoryA
CompareStringA
GetFileTime
DeleteCriticalSection
WinExec
CloseHandle
FileTimeToLocalFileTime
DeleteFileA
CreateThread
SetEnvironmentVariableA
CreateFileW
ReadConsoleW
GetPrivateProfileIntA
WriteConsoleW
SetStdHandle
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
HeapSize
OutputDebugStringW
SetFilePointerEx
WriteFile
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentThread
RaiseException
RtlUnwind
GetFileType
GetExitCodeProcess
GetConsoleMode
GetConsoleCP
GetProcessHeap
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
FreeLibrary
SetConsoleCtrlHandler
GetModuleFileNameW
GetFileAttributesExW
InitializeCriticalSection
GetWindowsDirectoryA
GetFileAttributesExA
GetStdHandle
CreateSemaphoreW
GetModuleHandleW
GetTickCount
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetEndOfFile
FatalAppExitA
GetTimeZoneInformation
GetCommandLineA
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcess
DuplicateHandle
HeapAlloc
HeapFree
MultiByteToWideChar
WaitForSingleObject
MoveFileExA
AreFileApisANSI
GetProcAddress
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
PeekNamedPipe
lstrlenA
SetFilePointer
lstrcmpA
GetFileSize
FreeEnvironmentStringsW
CreateFileA

user32

SetMenuItemInfoA
EnableWindow
UpdateWindow
LoadImageA
GetDlgItemTextA
PostMessageA
ShowWindow
GetMenuItemInfoA
GetCursorPos
SetWindowPos
DefWindowProcA
EndDialog
DialogBoxParamA
MoveWindow
SetWindowTextA
SetDlgItemTextA
LoadCursorA
SetTimer
RegisterClassExA
PostQuitMessage
SendDlgItemMessageA
TrackPopupMenu
IsIconic
KillTimer
GetSubMenu
SetForegroundWindow
LoadStringA
LoadMenuA
LoadIconA
GetClientRect
SetFocus
SendMessageA
RegisterWindowMessageA
GetMenu
MessageBoxA
CharUpperBuffA
CreateWindowExA
EnableMenuItem
GetDlgItem

gdi32

GetStockObject

comdlg32

GetOpenFileNameA

shell32

Shell_NotifyIconA
SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA

ole32

CoTaskMemFree

ws2_32

WSAGetLastError
WSASocketA
gethostbyname
gethostbyaddr
closesocket
bind
WSACleanup
shutdown
htons
inet_addr
WSAStartup
inet_ntoa
WSAIoctl

netapi32

NetSessionEnum
NetFileEnum
NetApiBufferFree
NetShareEnum

comctl32

ord17

imagehlp

MakeSureDirectoryPathExists

shlwapi

PathRemoveFileSpecA
PathRemoveExtensionA
PathFindExtensionA
PathFileExistsA
PathMatchSpecA
PathIsDirectoryA

rpcrt4

UuidCreate

falwpcapcon

FalWPcapConOpen
FalWPcapFilterSet
FalWPcapBufferSet
FalWPcapConClose
FalWPcapConRecv
FalWPcapConEnumAdapter

Sections

.text
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afeb478e1c57ba16cc9beaacb6c8ff25

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

ws2_32

netapi32

comctl32

imagehlp

shlwapi

rpcrt4

falwpcapcon

Sections

.text Size: 346KB - Virtual size: 346KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 22KB - Virtual size: 231KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 346KB - Virtual size: 346KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 22KB - Virtual size: 231KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 25KB - Virtual size: 24KB