692210b500e0af3eb8ac952c38e5e7d0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

692210b500e0af3eb8ac952c38e5e7d0N.exe
Size

2.0MB
MD5

692210b500e0af3eb8ac952c38e5e7d0
SHA1

f29549e5a401c7f24c69cb11dd8153568dc665cf
SHA256

5451b320596e8561b3cebad270c08febc23828fe26edaa248af3ba1137dde9e6
SHA512

54092f88bdaaa38629640176f52586adbd07716207254175a9a14bbc826ff053d816a01d006db51ee922c213b523e35385e79020e68ff935f36d43d4e765f790
SSDEEP

49152:q4VZ6gcJH746YY7E2roBpbcrydnXRri35ajVC:HVZ6vJH746YY7EgoBpbcrQnXw35ajV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
692210b500e0af3eb8ac952c38e5e7d0N.exe

Files

692210b500e0af3eb8ac952c38e5e7d0N.exe
.dll regsvr32 windows:6 windows x86 arch:x86

8a7a927b9aac4429488566a6d12dead8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workarea\14.50\apps\ccc2\Source\Utilities\MMPreview\MMCCCPreview\MMACEFilters\build\B_rel\MMACEFilters.pdb

Imports

kernel32

DisableThreadLibraryCalls
InterlockedIncrement
FreeLibrary
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
CreateEventA
SetEvent
ResetEvent
WaitForSingleObject
GetCurrentProcess
GetCurrentThreadId
InterlockedExchange
Sleep
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetACP
GetVersionExA
CreateThread
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
GetStringTypeW
HeapReAlloc
LCMapStringW
LoadLibraryW
LoadLibraryExW
OutputDebugStringW
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleFileNameA
GetLastError
MultiByteToWideChar
lstrlenA
SetFilePointerEx
CreateFileW
WriteConsoleW
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwind
EncodePointer
DecodePointer
GetCommandLineA
HeapAlloc
RaiseException
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
SetLastError
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

SetRect
SendDlgItemMessageA
wsprintfA
GetWindowLongA
SetWindowLongA
CreateDialogParamA
MoveWindow
InvalidateRect
GetDesktopWindow
GetWindowRect
LoadStringW
LoadStringA
DefWindowProcA
DestroyWindow
ShowWindow

advapi32

RegSetValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
StringFromGUID2
CoInitialize
CoFreeUnusedLibraries
CoTaskMemAlloc

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a7a927b9aac4429488566a6d12dead8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 91KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 91KB - Virtual size: 91KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 17KB - Virtual size: 16KB