Static task: static1
Behavioral task: behavioral1
  Sample: 086ebb8a504543e577940784a7195c90N.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 086ebb8a504543e577940784a7195c90N.exe
  Resource: win10v2004-20240709-en
General
  Target: 086ebb8a504543e577940784a7195c90N.exe
  Size: 1.7MB
  MD5: 086ebb8a504543e577940784a7195c90
  SHA1: 394f8c4fe3ca79222bd8ff0f09f1d1b66da14055
  SHA256: 8aff32fa8ac865563c2811da63b3a3a2bf27ee07e64727aa32c518ed8e7342c7
  SHA512: a60bff5ad967c289533d4defd125ee530f3f312fb2cf669815310a7d0afe8a11b831dc10f35338e0741086654e27e625b1bf8bfb2e703577db1f717038284632
  SSDEEP: 24576:B+ieOZoZO/wYcsPJK40AaP4U++32PXy5iNleef:BJpZoZO/wYcsPJ50QH+30Xy5iNl/
Malware Config
Signatures
  Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource: 086ebb8a504543e577940784a7195c90N.exe
Files
  086ebb8a504543e577940784a7195c90N.exe.exe windows:5 windows x86 arch:x86
  07124dd05504cd8d18cc917fd65465e1
  Headers
    DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
    File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED
  Imports
    user32: GetWindowRect, GetWindow, GetWindowThreadProcessId, EnumThreadWindows, InternalGetWindowText, GetForegroundWindow, GetLastInputInfo, GetDesktopWindow
    ole32: CoTaskMemFree, CoCreateInstance, CoInitializeEx
    oleaut32: SysAllocStringLen, SysFreeString
    kernel32: MultiByteToWideChar, WideCharToMultiByte, OpenProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetStdHandle,
      GetCurrentDirectoryW, CreateDirectoryW, DeleteFileW, FindClose, GetFileAttributesW, GetFileAttributesExW, GetFileSize, GetFullPathNameW, GetLongPathNameW, SetFileTime, WriteFile, GetTempPathW, MoveFileExW, SetFilePointer, GetLogicalDriveStringsW, QueryDosDeviceW, CreateProcessW, GetLocalTime, GetSystemDirectoryW, GetWindowsDirectoryW, GetVersionExW,
      UnmapViewOfFile, FreeLibrary, GetModuleFileNameW, LocalAlloc, LoadLibraryA, GetSystemWow64DirectoryW, GetVolumeInformationA, FileTimeToSystemTime, SystemTimeToFileTime, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, Thread32First, Thread32Next, Module32FirstW, CreateEventA, LocalFree, VirtualAlloc, VirtualFree, GetLocaleInfoW,
      CreateFileW, ReadFile, GetEnvironmentVariableW, GetCommandLineW, CreateMutexW, WriteConsoleW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, FlushFileBuffers, HeapSize, SetStdHandle, WaitForSingleObjectEx, LCMapStringW, GetFileType, GetProcessHeap, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage,
      FindNextFileA, FindFirstFileExA, GetTimeZoneInformation, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetTimeFormatW, GetDateFormatW, HeapFree, CompareStringW, TlsFree, TlsSetValue, TlsGetValue, HeapReAlloc, HeapAlloc, MapViewOfFile, GetTickCount, DuplicateHandle, CloseHandle, Sleep, WaitForSingleObject, ReleaseMutex,
      DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetLastError, RaiseException, ExitProcess, GetCurrentProcess, GetProcAddress, GetModuleHandleA, GetCPInfo, OutputDebugStringW, RtlUnwind, SetEvent, LoadLibraryExW, GetModuleHandleExW, GetModuleFileNameA, GetACP, GetNativeSystemInfo, ResetEvent, TlsAlloc, CreateEventW, SetLastError, LeaveCriticalSection, EnterCriticalSection, GetStringTypeW
    iphlpapi: GetAdaptersInfo
    version: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
    ws2_32: getaddrinfo, WSAEventSelect, WSAStartup, gethostname, gethostbyname, socket, shutdown, send, freeaddrinfo, recv, htonl, ntohl, listen, inet_addr, htons, getpeername, connect, closesocket, bind, accept, WSAGetLastError, select, ntohs
    shell32: SHGetFolderPathW
    advapi32: ConvertStringSecurityDescriptorToSecurityDescriptorA, SetEntriesInAclW, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegEnumValueW, RegEnumKeyExW, RegCreateKeyExW, RegCloseKey, GetUserNameW, SetSecurityDescriptorSacl, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, GetSecurityDescriptorSacl, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, OpenProcessToken, CryptGenRandom, CryptAcquireContextW
  Sections
    .text   Size: 633KB - Virtual size: 632KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata  Size: 125KB - Virtual size: 124KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data   Size: 960KB - Virtual size: 966KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .reloc  Size: 29KB - Virtual size: 29KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ