d813d8baa556e129d5ea98857f6e2680N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

d813d8baa556e129d5ea98857f6e2680N.exe
Size

1.8MB
MD5

d813d8baa556e129d5ea98857f6e2680
SHA1

0072501799c009bae79aecd0f1cc4492e58ae8a3
SHA256

653c52a9fc89bc86bf1b6f3001dffa2bcfd38884dd981d93515ffcfc9a0d4a6d
SHA512

d65ca6f0ce923ac9adae3ac2fb01e586b8c001b73a9a888815336f0cda19b8207f0c7f6ee3171eda546daa6f4bacaea6d8778952f3cb75d38fabf0134be7baf9
SSDEEP

49152:Fp9pEpzmpD9pLG3puoupF4xpR9iK2ajVmM2ox1yk:Fp9pEpKpD9pLspuvpexpnj2a32onyk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d813d8baa556e129d5ea98857f6e2680N.exe

Files

d813d8baa556e129d5ea98857f6e2680N.exe
.exe windows:4 windows x86 arch:x86

41a2af92d6e4ee7b245c8671219d254f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCloseEnum

kernel32

GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameW
GetProcessHeap
GetStartupInfoW
GetTempPathW
GetUserDefaultLangID
GetVersionExA
GetVersionExW
HeapAlloc
HeapFree
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchangeAdd
InterlockedIncrement
IsProcessorFeaturePresent
LoadLibraryExW
LoadLibraryW
LoadResource
LocalFree
lstrcmpiA
lstrcmpiW
lstrlenW
MultiByteToWideChar
OpenMutexW
OpenProcess
OutputDebugStringW
RaiseException
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetExitCodeProcess
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
HeapReAlloc
GetOEMCP
GetACP
GetCPInfo
WriteFile
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
ExitProcess
GetVersion
GetStartupInfoA
GetModuleHandleA
RtlUnwind
GetCurrentDirectoryW
FreeLibrary
FlushInstructionCache
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
DeleteCriticalSection
CreateProcessW
CreateMutexW
CreateDirectoryW
CloseHandle
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter

user32

TranslateAcceleratorW
TranslateMessage
UnionRect
UnregisterClassA
UpdateWindow
wsprintfW
ShowScrollBar
SetWindowTextW
SetWindowRgn
SetWindowPos
SetWindowLongW
SetTimer
SetPropW
SetMenuItemInfoW
SetMenuDefaultItem
SetFocus
SetCursor
SetClassLongW
TrackPopupMenuEx
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
RegisterClassExW
AdjustWindowRectEx
AppendMenuW
BeginPaint
CallWindowProcW
CharNextW
PtInRect
PostQuitMessage
PostMessageW
PeekMessageW
MoveWindow
MessageBoxW
MessageBeep
LoadStringW
LoadStringA
LoadMenuW
SystemParametersInfoW
SendMessageW
ShowWindow
LoadImageW
LoadCursorW
LoadAcceleratorsW
KillTimer
IsWindowVisible
InvalidateRect
GetWindowTextW
GetWindowTextLengthW
GetWindowRect
GetWindowLongW
GetSystemMetrics
GetPropW
GetParent
GetMessageW
GetMenuItemInfoW
GetMenuItemCount
GetMenu
GetDlgItem
GetDC
GetClientRect
GetClassInfoExW
GetActiveWindow
FillRect
EndPaint
EndDialog
EnableWindow
DrawTextW
DispatchMessageW
DialogBoxParamW
DestroyWindow
DestroyMenu
DefWindowProcW
CreateWindowExW
CreatePopupMenu
CreateDialogParamW
CopyRect
ClientToScreen
CheckMenuRadioItem
MapWindowPoints

gdi32

SelectObject
SetBkColor
SetBkMode
Rectangle
SetViewportOrgEx
MoveToEx
LineTo
GetTextExtentPoint32W
GetStockObject
GetDeviceCaps
ExtTextOutW
DeleteObject
CreateSolidBrush
CreateRoundRectRgn
SetTextColor
CreatePen
DeleteDC

winspool.drv

DocumentPropertiesW
OpenPrinterW
EnumPrintersW
ClosePrinter

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegSetValueExW

shell32

CommandLineToArgvW
ShellExecuteExW

Sections

.text
Size: 756KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pump9
Size: 926KB - Virtual size: 928KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

41a2af92d6e4ee7b245c8671219d254f

Headers

File Characteristics

Imports

mpr

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

Sections

.text Size: 756KB - Virtual size: 752KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 152KB - Virtual size: 152KB

.pump9 Size: 926KB - Virtual size: 928KB

.text
Size: 756KB - Virtual size: 752KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 152KB - Virtual size: 152KB

.pump9
Size: 926KB - Virtual size: 928KB