0fc8831a7da2f3e7b39708db0fe58e50N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0fc8831a7da2f3e7b39708db0fe58e50N.exe
Size

2.0MB
MD5

0fc8831a7da2f3e7b39708db0fe58e50
SHA1

47c55e2b17bc01699f252b821cc2271bd6dd5b74
SHA256

0645d4472a82ae1edebd2fdabefe2e30b5b9f7cce40408f44c723d82aecb54b3
SHA512

58d7a82c1afb38cb062b3ef6c297f520616339ca8792faadee5db9f3862443c04c09dce23a7c0ec978339e68b34d3d96cf3f66afbb2f63ccbec24b638dd54e1e
SSDEEP

49152:6KvQJORZAlHWmEVx5a4IUVSWdUUMV6TMiYtsS:6oR/hIQdMsS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fc8831a7da2f3e7b39708db0fe58e50N.exe

Files

0fc8831a7da2f3e7b39708db0fe58e50N.exe
.dll windows:5 windows x86 arch:x86

83abeaa41c1bea06ba92d8b0fbf6ef22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveInGetPosition

netapi32

NetServerTransportDel

msvcrt

wcscoll
iswspace

comctl32

ImageList_SetBkColor

oleaut32

SafeArrayCreateVector
SafeArrayCreate
LoadTypeLibEx

crypt32

CertVerifyCertificateChainPolicy

rpcrt4

NdrUserMarshalUnmarshall

gdi32

GetCharacterPlacementA
AbortDoc

shell32

ExtractIconExA

pdh

PdhGetFormattedCounterArrayW

kernel32

OutputDebugStringA
OpenJobObjectW
GetNumberFormatA
LoadLibraryW
GetModuleFileNameA
GetFileSize
ReleaseSemaphore
WaitNamedPipeA
GetLastError

mprapi

MprAdminMIBEntryGetFirst
MprAdminMIBEntryGet

clusapi

ClusterResourceCloseEnum

user32

ReleaseCapture
EnumDisplayDevicesA
TrackPopupMenu
GetDC
SetScrollPos

shlwapi

PathCombineA
PathFindNextComponentW

ole32

PropVariantCopy
StgOpenStorageOnILockBytes
CLSIDFromString
CLIPFORMAT_UserFree

version

VerFindFileW

advapi32

ImpersonateNamedPipeClient
RemoveUsersFromEncryptedFile
GetFileSecurityW

ntdsapi

DsFreeNameResultW

setupapi

SetupDiClassNameFromGuidExW
CMP_WaitNoPendingInstallEvents
CM_Get_Device_IDW
SetupDiGetDriverInstallParamsW

winspool.drv

DeviceCapabilitiesW

Exports

Exports

VzhhoaeEnwsasio

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83abeaa41c1bea06ba92d8b0fbf6ef22

Headers

File Characteristics

Imports

winmm

netapi32

msvcrt

comctl32

oleaut32

crypt32

rpcrt4

gdi32

shell32

pdh

kernel32

mprapi

clusapi

user32

shlwapi

ole32

version

advapi32

ntdsapi

setupapi

winspool.drv

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.crt Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 32KB - Virtual size: 34KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.crt
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 32KB - Virtual size: 34KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 12KB