3297e53097cf5cfc304822b80460ec30N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3297e53097cf5cfc304822b80460ec30N.exe
Size

1.3MB
MD5

3297e53097cf5cfc304822b80460ec30
SHA1

bab7e52c768928f7b3d579c4e86a934112915213
SHA256

1ac1a909bc057481a44b00dc8a202ca3738f5678004533cb41ac83ff1cf12a31
SHA512

a8f8887de903f5b6bbca6b0c65dfc2d4b2a3048e5b9e290e08dfc8c0b2d0888332603ee5d6d5cc8c6b00646d708e125362cd822cca3d4fe9fd58856cd8019694
SSDEEP

24576:D4oTPkCgwCbae/Fk6OvgcBe+bKCdqbSXyeQg7FAZjxiz7bOlt:MoTcwSFkeiluWXygahxiz7bu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3297e53097cf5cfc304822b80460ec30N.exe

Files

3297e53097cf5cfc304822b80460ec30N.exe
.exe windows:4 windows x86 arch:x86

58bf17dce8ec446d2eda40e985282a1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\cag\x86\ship\0\mstordb.pdb

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_crt_debugger_hook
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
fopen_s
fwprintf_s
fclose
vsprintf_s
vswprintf_s
wcsncpy_s
_beginthreadex
_wtol
_resetstkoflw
wcscpy_s
swscanf_s
_wcsdup
_setjmp3
longjmp
wcsstr
strncmp
_wsplitpath_s
_wcsnicmp
_CIsqrt
realloc
_vsnwprintf
_wtoi64
_wtoi
wcstod
_wcsicmp
_recalloc
wcstoul
wcsncmp
memmove
_CIpow
strtod
__iob_func
fprintf
fread
fflush
fwrite
strncpy
abort
sprintf
_CxxThrowException
memmove_s
free
malloc
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
memcpy_s
wcsrchr
wcschr
memset
__CxxFrameHandler3
calloc
memcpy

msvcp80

?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?_Xlen@_String_base@std@@SAXXZ
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIPB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W0@Z
?_Copy_s@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPA_WIII@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IABV12@@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IPB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIABV12@II@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIABV12@@Z
?_Xran@_String_base@std@@SAXXZ
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

kernel32

lstrcmpiW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
GetTempPathA
GetTempFileNameA
CreateProcessA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualProtect
LoadLibraryA
FormatMessageA
LocalFree
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
LockFile
LockFileEx
UnlockFileEx
UnlockFile
GetFileInformationByHandle
SetEndOfFile
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
ExitProcess
GetCommandLineW
GetCurrentThreadId
Sleep
CreateThread
RaiseException
WaitForSingleObject
SetEvent
CreateEventW
CompareStringW
FlushFileBuffers
GetDiskFreeSpaceExW
GlobalAlloc
GlobalFree
LocalAlloc
MultiByteToWideChar
SystemTimeToFileTime
HeapCreate
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
WriteFile
GetTempPathW
GetTempFileNameW
GlobalLock
GlobalUnlock
MoveFileW
DeleteFileW
SetFilePointer
ReadFile
CloseHandle
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
GetUserDefaultLCID
LCMapStringW
GetLastError

user32

UnregisterClassA
MessageBoxA
ReleaseDC
GetDC
GetDesktopWindow
LoadImageW
FindWindowA
LoadStringW
PostThreadMessageW
CharNextW
DispatchMessageW
GetMessageW
SetTimer

advapi32

RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
CoTaskMemFree
CLSIDFromString

gdi32

GetDIBits
GetObjectW
DeleteObject

oleaut32

VarUI4FromStr
SafeArrayDestroy
VarBstrCmp
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString

wininet

InternetGetConnectedState
InternetErrorDlg
HttpQueryInfoW
InternetOpenUrlW
InternetCloseHandle
InternetOpenW

Sections

.text
Size: 713KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 612KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

58bf17dce8ec446d2eda40e985282a1c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr80

msvcp80

kernel32

user32

advapi32

ole32

gdi32

oleaut32

wininet

Sections

.text Size: 713KB - Virtual size: 712KB

.data Size: 34KB - Virtual size: 40KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 612KB - Virtual size: 616KB

.text
Size: 713KB - Virtual size: 712KB

.data
Size: 34KB - Virtual size: 40KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 612KB - Virtual size: 616KB