aa5da9a485ab007472349bf982d20820N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

aa5da9a485ab007472349bf982d20820N.exe
Size

376KB
MD5

aa5da9a485ab007472349bf982d20820
SHA1

29bbfc16923b76c63cc50089dbdcbd5a9adce9ae
SHA256

9133827e2edf8819ab60f6aa8a7405a81b4d90f467aa61b85afeda70fee01202
SHA512

2829ca6aa85afcf698c28184aaa379e603b0b5280eacc3ab6c0a9370c281d43557c8047befd338b17a97c37b7e594afeb697d0af24e9841ec8fdca4dd0745d68
SSDEEP

3072:9HxRM2+wU9HjTB/EPnyeqCzNGrMxYivuOwAqAqrYQf7qUa4dbANZmHOgDRmdW14y:Z+B93o9z4iGfq9mHTDBCTd3TBJTJyXo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa5da9a485ab007472349bf982d20820N.exe

Files

aa5da9a485ab007472349bf982d20820N.exe
.dll windows:4 windows x86 arch:x86

ca9b31f94cba2e46ad45fc6091372c42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wsock32

WSAStartup
gethostbyname
inet_addr
WSACleanup
ioctlsocket
WSAGetLastError
sendto
recvfrom
ntohl
bind
htonl
htons
closesocket
setsockopt
socket
inet_ntoa
select
gethostname

ltimg90n

ord104
ord126
ord118
ord122
ord106
ord123

ltkrn90n

ord111
ord213
ord112
ord130
ord198
ord110
ord134
ord125
ord115
ord218

kernel32

MultiByteToWideChar
SetLastError
lstrcpynA
lstrcmpA
ResumeThread
SuspendThread
DuplicateHandle
GetCurrentProcess
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
MulDiv
LocalFree
GetCurrentThread
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
TlsFree
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
SetErrorMode
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
GetFileSize
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
HeapAlloc
HeapFree
GetFileType
GetCommandLineA
RaiseException
ExitThread
ExitProcess
TerminateProcess
HeapSize
HeapReAlloc
GetACP
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentThreadId
GlobalGetAtomNameA
GetVersion
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LockResource
FindResourceA
LoadResource
CopyFileA
GetFileAttributesA
SetFileAttributesA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
OpenProcess
GetProcessWorkingSetSize
SetProcessWorkingSetSize
DeviceIoControl
GetVersionExA
WideCharToMultiByte
OpenMutexA
lstrlenA
_lcreat
InterlockedDecrement
_lwrite
GetPrivateProfileStringA
GetModuleFileNameA
GetPrivateProfileIntA
lstrcpyA
GlobalLock
GlobalFree
GlobalUnlock
GlobalAlloc
SetThreadPriority
GetProcAddress
LoadLibraryA
FreeLibrary
GlobalHandle
WritePrivateProfileStringA
InterlockedIncrement
GetTickCount
GetTempPathA
CloseHandle
SetFilePointer
ReadFile
CreateFileA
WriteFile
Sleep
GetLocalTime
GetSystemDefaultLangID
CreateEventA
CreateThread
WaitForSingleObject
SetEvent
GetDiskFreeSpaceA
GetModuleHandleA
ReleaseMutex
_lclose
GetLastError
CreateMutexA
DeleteFileA
TerminateThread
GetExitCodeThread
_lopen
lstrcatA
WinExec
GetSystemTime

user32

IsWindowVisible
AdjustWindowRectEx
SetFocus
GetFocus
MapWindowPoints
SendDlgItemMessageA
PostMessageA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
LoadStringA
ValidateRect
GetMessageA
CharUpperA
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
WindowFromPoint
DestroyMenu
PostQuitMessage
GetClassNameA
GetSysColorBrush
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
LoadAcceleratorsA
TranslateAcceleratorA
FindWindowA
GetWindowThreadProcessId
GetSystemMenu
AppendMenuA
GetSystemMetrics
GetCursorPos
ClientToScreen
GetDesktopWindow
LoadIconA
GetKeyboardLayoutNameA
DrawTextA
UnregisterClassA
RegisterClassA
CopyRect
CreateWindowExA
KillTimer
SetTimer
SetCapture
PeekMessageA
ScreenToClient
TranslateMessage
ReleaseCapture
InvalidateRect
PtInRect
SetCursor
FrameRect
SetRect
GetClientRect
ScrollDC
GetDC
ReleaseDC
IsWindow
GetWindowRect
SetForegroundWindow
UpdateWindow
MessageBoxA
GetSysColor
FillRect
IntersectRect
UnionRect
OffsetRect
EnableWindow
wsprintfA
SendMessageA
GetParent
DefWindowProcA
DispatchMessageA
LoadCursorA
LoadBitmapA

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
LineTo
MoveToEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetObjectA
GetStockObject
CreateFontA
CreatePen
CreatePolygonRgn
OffsetRgn
PtInRegion
CombineRgn
GetRgnBox
CreatePenIndirect
FrameRgn
CreateBitmap
CreatePatternBrush
SetDIBitsToDevice
BitBlt
CreateRectRgn
SelectClipRgn
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
DeleteDC
GetDeviceCaps
DeleteObject
CreatePalette
SelectPalette
RealizePalette
ScaleWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

shell32

ExtractIconA

comctl32

ord17

iphlpapi

GetAdaptersAddresses

ws2_32

connect
WSAAsyncSelect
send
recv
accept
WSASetLastError
WSASocketA
freeaddrinfo
WSAAddressToStringA
getaddrinfo

Exports

Exports

uiBeginDialog
uiDisable
uiEndDialog
uiEndXfer
uiGetInfo
uiGetPendingImageCount
uiIsADFDocLoaded
uiIsADFOn
uiNativeRead
uiRead
uiReadFile
uiisScannerOnLine

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca9b31f94cba2e46ad45fc6091372c42

Headers

File Characteristics

Imports

version

wsock32

ltimg90n

ltkrn90n

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 12KB - Virtual size: 155KB

.rsrc Size: 28KB - Virtual size: 24KB

.reloc Size: 32KB - Virtual size: 30KB

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 12KB - Virtual size: 155KB

.rsrc
Size: 28KB - Virtual size: 24KB

.reloc
Size: 32KB - Virtual size: 30KB