05610170ebbba95be52d6a204ccfa8f0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

05610170ebbba95be52d6a204ccfa8f0N.exe
Size

812KB
MD5

05610170ebbba95be52d6a204ccfa8f0
SHA1

ebe61a75b5b87e0e5c4a2c1b3b0f8e28b7a23d08
SHA256

df0aff53e957330a01adb6c928cd0f466716c666a25e5979ae14a81cac7528bd
SHA512

46d2b249e97a606f4a54f858b4c982bace69288348d467cfc20f7d2a759142361c85bd3e131584e6cb1b180a69f6ad257f5b9a93f6e9916f155ed28c0e370eb6
SSDEEP

12288:wF4NDCxEJWnBgDtqSyhPrdwk+Wf1+zYbPsfr5nF9PmrrZnF9dn:wFNxvnBg5qSyddwkh1+zYbP8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05610170ebbba95be52d6a204ccfa8f0N.exe

Files

05610170ebbba95be52d6a204ccfa8f0N.exe
.exe windows:4 windows x86 arch:x86

adb4e771dcb36deede112b51a615a187

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

fs1fdcm1

ord1

mfc42

ord2754
ord470
ord800
ord858
ord4129
ord4160
ord540
ord686
ord2453
ord2862
ord2097
ord384
ord2121
ord5655
ord4299
ord6880
ord6197
ord3092
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord641
ord860
ord324
ord2370
ord2299
ord4234
ord939
ord926
ord3317
ord2614
ord924
ord823
ord6334
ord6883
ord6282
ord537
ord2818
ord4710
ord3370
ord2582
ord4402
ord3640
ord693
ord4243
ord3996
ord2379
ord6905
ord6907
ord3998
ord801
ord6143
ord541
ord3301
ord922
ord536
ord4277
ord535
ord2784
ord6283
ord6876
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord1146
ord3663
ord2393
ord665
ord5442
ord3318
ord353
ord4224
ord5583
ord6385
ord1907
ord5161
ord5162
ord5160
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord4835
ord768
ord489
ord2302
ord4258
ord5981
ord2087
ord1168
ord5287
ord1175
ord6199
ord4905
ord6007
ord1105
ord2864
ord2642
ord4284
ord941
ord1138
ord6663
ord3874
ord1979
ord5186
ord352
ord354
ord1200
ord3790
ord5861
ord1147
ord1601
ord5710
ord2763
ord1622
ord802
ord542
ord5601
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord6597
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6846
ord6845
ord4589
ord4588
ord4899
ord4370
ord4892
ord6817
ord5076
ord4340
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord5260
ord6614
ord6691
ord4432
ord2841
ord6671
ord539
ord6699
ord6735
ord6800
ord4347
ord6808
ord5600
ord501
ord6835
ord6815
ord6816
ord5856
ord6814
ord6215
ord4216
ord6812
ord6856
ord6858
ord6847
ord6839
ord3447
ord3196
ord6805
ord6674
ord861
ord2107
ord923
ord1083
ord5450
ord5440
ord6383
ord6394
ord2764
ord4204
ord1858
ord4245
ord5101
ord2101
ord2723
ord2390
ord3059
ord5100
ord5104
ord4467
ord4303
ord3351
ord5012
ord755
ord5472
ord3403
ord2879
ord2878
ord4152
ord4077
ord5237
ord2382
ord5283
ord2649
ord1665
ord4436
ord2445
ord401
ord674
ord1233
ord5254
ord4995
ord4427
ord4413
ord5031
ord3742
ord818
ord4275
ord4274
ord6375
ord4486
ord2554
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5714
ord4622
ord3738
ord815
ord561
ord5683
ord2512
ord986
ord411
ord2621
ord1134
ord2725
ord5289
ord1205
ord2455
ord3089
ord1228
ord1158
ord940
ord1574
ord3402
ord3721
ord795
ord773
ord2086
ord1085
ord3287
ord6008
ord3499
ord2515
ord5651
ord3127
ord3616
ord2915
ord6648
ord5572
ord6756
ord1834
ord5067
ord4635
ord4607
ord4716
ord4750
ord5016
ord4375
ord4852
ord4834
ord355
ord4229
ord4496
ord3733
ord810
ord4271
ord2149
ord3914
ord3303
ord4000
ord6877
ord1259
ord1572
ord4278
ord2652
ord798
ord603
ord700
ord398
ord273
ord532
ord1669
ord6404
ord1148
ord5461
ord6569
ord6407
ord5465
ord5194
ord533
ord2765
ord913
ord5594
ord4189
ord6605
ord6662
ord6453
ord3286
ord3910
ord2096
ord1642
ord6696
ord2100
ord3398
ord3296
ord2123
ord4076
ord4720
ord6478
ord6514
ord690
ord1988
ord5356
ord5207
ord6059
ord389
ord2847
ord2135
ord1997
ord4287
ord3138
ord1859
ord4246
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord3350
ord975
ord2880
ord4153
ord2383
ord5284
ord4437
ord4428
ord6209
ord5032
ord609
ord616
ord656
ord2528
ord1099
ord2777
ord5805
ord807
ord796
ord554
ord529
ord402
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord5255
ord6626
ord2917
ord2803
ord958
ord6312
ord4177
ord6010
ord5773
ord2601
ord3180
ord3183
ord3176
ord3507
ord3614
ord1567
ord268
ord6930
ord6928
ord5849
ord1908
ord1690
ord5288
ord4439
ord2054
ord4431
ord771
ord497
ord4259
ord1008
ord4715
ord3698
ord765
ord3571
ord3626
ord2414
ord2152
ord1641
ord1768
ord640
ord5785
ord1640
ord323
ord3610
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2575
ord4396
ord3574
ord3876
ord1949
ord4034
ord4235
ord808
ord825
ord327
ord567
ord642
ord3731
ord4424
ord4627
ord4080
ord3079

msvcrt

localtime
strftime
__CxxFrameHandler
time
_setmbcp
_CxxThrowException
strncpy
isspace
_strnicmp
strncmp
memmove
strlen
memset
memcpy
memcmp
rand
srand
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_ftol
memchr
strchr
atoi
remove
_mbscmp
strrchr
_purecall
_ftime
_mbsicmp
freopen
_iob
_mkdir
_stat
_mbsicoll
_mbctype
_errno
_controlfp
_makepath
_splitpath
rename
strtok

kernel32

lstrcpynA
lstrlenA
CreateFileA
CreateDirectoryA
CopyFileA
MultiByteToWideChar
lstrcpyA
RemoveDirectoryA
GetVersionExA
lstrcmpiA
LoadLibraryA
FormatMessageA
GlobalMemoryStatus
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
CompareFileTime
GlobalFree
GetModuleHandleA
GetStartupInfoA
GetProcessHeap
HeapAlloc
HeapFree
FindFirstFileA
lstrlenW
DeleteFileA
FindNextFileA
FindClose
CreateWaitableTimerA
GlobalUnlock
GlobalLock
GlobalAlloc
GetTempPathA
AllocConsole
GetLastError
CreateMutexA
FreeLibrary
Sleep
CloseHandle
GetProcAddress
LocalFree
WaitForSingleObject

user32

DrawMenuBar
GetSystemMenu
GetCursorPos
EnableMenuItem
GetFocus
CallNextHookEx
GetMenuItemCount
WindowFromPoint
ReleaseCapture
ClientToScreen
SetCapture
GetKeyState
MessageBoxA
LoadIconA
IsWindowVisible
GetClassNameA
DispatchMessageA
PeekMessageA
TranslateMessage
DeleteMenu
ModifyMenuA
CheckMenuItem
SetWindowsHookExA
UnhookWindowsHookEx
GetForegroundWindow
LoadBitmapA
GetDesktopWindow
GetLastActivePopup
SetForegroundWindow
GetPropA
IsIconic
SetPropA
KillTimer
SetTimer
UpdateWindow
GetCursor
LoadCursorA
SetCursor
GetWindow
IsWindow
PostMessageA
InvalidateRect
GetParent
GetSysColor
EnableWindow
DestroyAcceleratorTable
TranslateAcceleratorA
LoadAcceleratorsA
LoadMenuA
GetSubMenu
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowRect
OffsetRect
SendMessageA
GetClientRect
RegisterWindowMessageA
wsprintfA
SetMenu
GetMenu
ScreenToClient

gdi32

BitBlt
GetObjectA
GetBkColor
CreateCompatibleDC

comdlg32

GetOpenFileNameA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA

shell32

ShellExecuteA

comctl32

ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragEnter
ImageList_ReplaceIcon
ImageList_EndDrag
ImageList_DragLeave

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

msvcirt

??6ostream@@QAEAAV0@J@Z
??1fstream@@UAE@XZ
?endl@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@PBD@Z
?doallocate@streambuf@@MAEHXZ
?pbackfail@streambuf@@UAEHH@Z
?underflow@filebuf@@UAEHXZ
?overflow@filebuf@@UAEHH@Z
?xsgetn@streambuf@@UAEHPADH@Z
?xsputn@streambuf@@UAEHPBDH@Z
?seekpos@streambuf@@UAEJJH@Z
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
?sync@filebuf@@UAEHXZ
?open@fstream@@QAEXPBDHH@Z
??0fstream@@QAE@XZ
?open@filebuf@@QAEPAV1@PBDHH@Z
?openprot@filebuf@@2HB
??0ostream@@QAE@PAVstreambuf@@@Z
??0filebuf@@QAE@XZ
?close@fstream@@QAEXXZ
?close@filebuf@@QAEPAV1@XZ
??1filebuf@@UAE@XZ
??1ios@@UAE@XZ
??1ostream@@UAE@XZ

Exports

Exports

_WASConvertName@12
_WASCreateSupportData@24

Sections

.text
Size: 448KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adb4e771dcb36deede112b51a615a187

Headers

File Characteristics

Imports

fs1fdcm1

mfc42

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

oleaut32

msvcp60

msvcirt

Exports

Exports

Sections

.text Size: 448KB - Virtual size: 446KB

.rdata Size: 92KB - Virtual size: 90KB

.data Size: 20KB - Virtual size: 19KB

.rsrc Size: 248KB - Virtual size: 247KB

.text
Size: 448KB - Virtual size: 446KB

.rdata
Size: 92KB - Virtual size: 90KB

.data
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 248KB - Virtual size: 247KB