d:\ld-dev\landesk\ManagementSuite\Release\httprequest.pdb
Static task
static1
Behavioral task
behavioral1
Sample
a5284ab850bbaf3cf65600b10b28dd80N.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
a5284ab850bbaf3cf65600b10b28dd80N.dll
Resource
win10v2004-20240709-en
General
Target: a5284ab850bbaf3cf65600b10b28dd80N.exe
Size: 162KB
MD5: a5284ab850bbaf3cf65600b10b28dd80
SHA1: 1519e099b60bed25541f0bc2065dc16cb9552fa6
SHA256: 12bdaba97ff07d8653ba6567424351e0f31cff6220d936c001ffe5f9e638edf7
SHA512: 0130159b7fad213275f5efcea3933b02cca4aae1528197b764cb14e19ec2479959bdcdf81a50375b0e1525a39954221a81e30443c91873823d59abdc6ecc3444
SSDEEP: 3072:vUExYGK0gAa3qpItZavuMBiJaM+9ukNEzXwC561:vUExVK0QawGBHM+ia
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a5284ab850bbaf3cf65600b10b28dd80N.exe
Files
-
a5284ab850bbaf3cf65600b10b28dd80N.exe.dll windows:5 windows x86 arch:x86
e20380f09429955dd9aa816d035f2075
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
ws2_32
getnameinfo
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
socket
shutdown
connect
closesocket
WSAGetLastError
setsockopt
send
select
recv
libeay32
ord465
ord1804
ord197
ord196
ord2415
ord2416
ord2412
ord1654
ord1653
ord84
ord2623
ord3050
ord363
ord364
ord3212
ord281
ord637
ord641
ord657
ord581
ord652
ord648
ord544
ord2201
ord227
ord248
ord2291
ord224
ord1186
ord1178
ord909
ssleay32
ord77
ord83
ord84
ord70
ord94
ord226
ord99
ord105
ord74
ord61
ord21
ord8
ord12
ord225
ord17
ord75
ord48
ord43
ord78
ord108
ord6
ord58
ord110
ord96
ord86
ord183
ord141
ord157
ord15
kernel32
GetConsoleCP
LCMapStringW
LoadLibraryW
LoadLibraryExW
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
ReadConsoleW
GetConsoleMode
SetFilePointerEx
SetFilePointer
DeleteCriticalSection
GetFileType
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
Sleep
AreFileApisANSI
GetModuleHandleExW
ExitProcess
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
GetStdHandle
GetCommandLineA
RaiseException
ReadFile
HeapSize
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
FlushFileBuffers
WriteConsoleW
CreateFileW
SetEndOfFile
CreateFileA
LocalFree
LocalSize
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceW
lstrlenA
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetLastError
InitializeCriticalSectionAndSpinCount
ReleaseMutex
WaitForSingleObject
WriteFile
CloseHandle
GetLocalTime
CreateMutexA
OpenMutexA
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleExA
HeapDestroy
DeleteFileA
CopyFileA
GetSystemTimeAsFileTime
GetSystemInfo
GetComputerNameA
QueryPerformanceCounter
LockResource
FreeLibrary
LoadResource
SizeofResource
user32
CharNextA
advapi32
SetFileSecurityA
RegOpenKeyExA
RegQueryValueExA
GetUserNameA
RegCloseKey
oleaut32
SysFreeString
SysAllocStringLen
Exports
FreeResponse
HttpAuthRequest
HttpGetFileFromCore
HttpGetFromCore
HttpRequest
HttpRequestFile
HttpRequestViaProxy
SecureHttpAuthRequest
SecureHttpRequest
SecureHttpRequestViaProxy
Sections
.text Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ