9e1fc35f0936ced3899f74c75b984320N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

9e1fc35f0936ced3899f74c75b984320N.exe
Size

120KB
MD5

9e1fc35f0936ced3899f74c75b984320
SHA1

6071320432886a503b339aca4ec61b49968b7c20
SHA256

f3b9ab969c4dc48515de507f8d3da973e615b7d5d3d1077becc4cfc637b059f9
SHA512

64341050e157e115f5dae121fe4883628c839d9f6074bc0c2086b3aba3dcda022d309e07811754540f62fc825a09d783d6ae986433a9ed4b89f0afe678c7036a
SSDEEP

1536:JLttE6vtqf7VV7m7Js2+W1Zf+HLvuX0utail:JLttj849skyvuX0utFl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e1fc35f0936ced3899f74c75b984320N.exe

Files

9e1fc35f0936ced3899f74c75b984320N.exe
.exe windows:6 windows x86 arch:x86

d38d9faec3f39e174eec60c85c3b3a63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Controller\Sources\Special\IRC SHM Provider\Release\Win32\IRC SHM Provider.pdb

Imports

kernel32

CloseHandle
WaitForSingleObject
OpenEventA
Sleep
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
GetCurrentProcess
SetPriorityClass
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetModuleHandleW

user32

SendNotifyMessageA
RegisterWindowMessageA

winmm

timeBeginPeriod
timeEndPeriod

msvcp140

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bios_base@std@@QBE_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z

vcruntime140

__std_type_info_destroy_list
__current_exception_context
_except_handler4_common
memset
memcpy
memmove
__current_exception
strstr
__std_exception_copy
__CxxFrameHandler3
_CxxThrowException
__std_exception_destroy

api-ms-win-crt-string-l1-1-0

strncmp
strcspn

api-ms-win-crt-time-l1-1-0

_difftime64
_time64

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
exit
_exit
_set_app_type
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_exe
_get_initial_narrow_environment
_seh_filter_dll
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_controlfp_s
terminate
_register_onexit_function

api-ms-win-crt-convert-l1-1-0

atoi
_itoa
atof

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
ungetc
__p__commode
_get_stream_buffer_pointers
_set_fmode
__stdio_common_vsprintf
__stdio_common_vfprintf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
fclose
setvbuf

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

floor
roundf
__setusermatherr

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d38d9faec3f39e174eec60c85c3b3a63

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winmm

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 9KB

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 9KB

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 3KB - Virtual size: 2KB