42f1f12db2a67129411fd58f9caaed80N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

42f1f12db2a67129411fd58f9caaed80N.exe
Size

1.2MB
MD5

42f1f12db2a67129411fd58f9caaed80
SHA1

6c6b0f537eedac2feb77437b2594dbb33ce2dff2
SHA256

1af58de7032506924a40b946766a07c14a43a759b525469e6ffd67bfa7763f0d
SHA512

a3091628a72466e694e248c8d8ec7e2cd3f1cf617245e61a7c724b0473cf3079daca45ba9ec3cfeec07f92a95ea29836d9b8d861fa13d442907c2cee0eea00dd
SSDEEP

24576:gtn5P9Ae+ZRnvhnhnYcQcQxO4dYPiBszGKCGOyqKgON5n+PKSy3CHiP0+LX1LOJ1:8n5P9AewRnZnhnYQyO4dYPiBszGKCGOd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42f1f12db2a67129411fd58f9caaed80N.exe

Files

42f1f12db2a67129411fd58f9caaed80N.exe
.exe windows:5 windows x64 arch:x64

ac25b4820efdbb303a89ed268547fd11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ws2_32

select
WSAEventSelect
WSAEnumNetworkEvents
WSACleanup
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getpeername
getprotobyname
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recvfrom
sendto
setsockopt
shutdown
socket
send
recv
WSAGetLastError

shell32

CommandLineToArgvW

msvcr90

_fstat64
_gmtime64
_localtime64
_mktime64
_mkdir
_environ
strerror
realloc
_stat64
isprint
setlocale
_isnan
atoi
_finite
strtod
frexp
ldexp
modf
_stat64i32
rename
getenv
clock
signal
_findclose
_findnext64i32
_findfirst64i32
sscanf
_execv
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_utime64
_flushall
system
_errno
_time64
longjmp
_access
_chdir
_chmod
_close
_dup2
_get_osfhandle
_getcwd
_lseeki64
_open
_open_osfhandle
_read
_setjmp
_setmode
_unlink
_write
acos
asin
atan
atan2
ceil
cos
cosh
exp
floor
fmod
log
log10
pow
sin
sinh
sqrt
tan
tanh
_wstat64
wprintf
memmove
memset
memcmp
free
sprintf
_putenv_s
malloc
strcmp
bsearch
strlen
memcpy
__iob_func
fflush
exit
fprintf
printf
_rmdir
_putenv
_execvp
_execve
calloc
_amsg_exit

kernel32

CreateMutexA
ResetEvent
SignalObjectAndWait
SetFilePointer
GetTickCount
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
SetConsoleCtrlHandler
SearchPathA
GetModuleHandleA
UnlockFileEx
LockFileEx
CreatePipe
MoveFileA
MoveFileExA
GetFileType
GetConsoleMode
PeekNamedPipe
WaitForMultipleObjects
PeekConsoleInputA
ReadConsoleInputA
GetProcessTimes
CreateProcessA
CreateFileA
FindNextFileA
FindFirstFileA
SetHandleInformation
GetExitCodeProcess
CreateEventA
WaitForSingleObject
SetEvent
TryEnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
TlsSetValue
Sleep
TerminateThread
ExitThread
TlsGetValue
CreateThread
TlsAlloc
DeleteFileW
GetVersionExA
MoveFileW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
CreateFileW
GetCommandLineW
GetACP
WideCharToMultiByte
MultiByteToWideChar
SetConsoleOutputCP
GetFileTime
SetFileTime
GetExitCodeThread
DuplicateHandle
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
QueryPerformanceCounter
QueryPerformanceFrequency
WriteFile
ReadFile
FlushViewOfFile
GetFileSizeEx
CreateFileMappingA
MapViewOfFile
CloseHandle
VirtualQuery
VirtualAlloc
VirtualFree
UnmapViewOfFile
FreeLibrary
GetProcAddress
LoadLibraryExA
LoadLibraryA
GetLastError
FormatMessageA
GetSystemInfo
VirtualProtect
ReleaseMutex

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 390KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.exptbl
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ac25b4820efdbb303a89ed268547fd11

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shell32

msvcr90

kernel32

Sections

.text Size: 612KB - Virtual size: 612KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 390KB - Virtual size: 444KB

.pdata Size: 11KB - Virtual size: 11KB

.exptbl Size: 192KB - Virtual size: 191KB

.rsrc Size: 1024B - Virtual size: 688B

.text
Size: 612KB - Virtual size: 612KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 390KB - Virtual size: 444KB

.pdata
Size: 11KB - Virtual size: 11KB

.exptbl
Size: 192KB - Virtual size: 191KB

.rsrc
Size: 1024B - Virtual size: 688B