28783b8e70c8b44c6e6badb297e45380N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

28783b8e70c8b44c6e6badb297e45380N.exe
Size

2.7MB
MD5

28783b8e70c8b44c6e6badb297e45380
SHA1

7f294a1a954dfa57c71b974f7d8716b203325e2b
SHA256

1e42ac0ff000cb32ae91b37b15f7bc40c06fa409f2e4b830220441273d471f70
SHA512

112a9aaaea791c4d1febe67842229657b643cec1874dc66e6e0d85266f13df641d230d9367d2b4093d74316fb8a2a181905adebbb56aadaac8f730f1f90ec107
SSDEEP

49152:YIOZodgcrzpKMBAgoQ0gaW/xRk6GOsQ6EY8VaARAh7cGnXbLpN:YrQDvxBAgva6UTETVa1h7z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28783b8e70c8b44c6e6badb297e45380N.exe

Files

28783b8e70c8b44c6e6badb297e45380N.exe
.dll windows:5 windows x86 arch:x86

44eb2cafbc53768e35065511a207208d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerFindFileW

shell32

DragQueryFileA
SHOpenFolderAndSelectItems

msvcrt

vfwprintf
memset
wcscoll

oleaut32

SafeArrayCreate
LoadTypeLibEx

comctl32

ImageList_GetIconSize

kernel32

FindNextChangeNotification
ActivateActCtx
WinExec
DisconnectNamedPipe
SetFilePointer
GetSystemWow64DirectoryW
SetProcessWorkingSetSize
SetTimerQueueTimer
GetFileSize
OutputDebugStringA
GetModuleFileNameA
LoadLibraryW
ResumeThread
GetThreadPriority

winspool.drv

AddPortW

shlwapi

UrlCombineA

mprapi

MprConfigInterfaceCreate
MprAdminTransportSetInfo

clusapi

ClusterRegDeleteValue

wintrust

WintrustLoadFunctionPointers

pdh

PdhAddCounterW

user32

WindowFromPoint
GetTitleBarInfo
HideCaret
DrawIconEx
DestroyAcceleratorTable
SetWindowPlacement
IsWindowVisible
SetKeyboardState

rpcrt4

UuidCompare
NdrInterfacePointerUnmarshall

ole32

WriteFmtUserTypeStg
OleSetContainedObject
CoFreeLibrary
StgIsStorageILockBytes

advapi32

CopySid
GetServiceDisplayNameW

netapi32

NetServerTransportAddEx

winmm

midiInReset

setupapi

CM_Locate_DevNode_ExW
SetupScanFileQueueW
SetupGetSourceFileLocationW
CM_Get_Device_ID_List_Size_ExW

gdi32

EnumFontFamiliesA
SetWindowOrgEx

ntdsapi

DsBindWithCredA

Exports

Exports

VzhhoaeEnwsasio

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 900KB - Virtual size: 898KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44eb2cafbc53768e35065511a207208d

Headers

File Characteristics

Imports

version

shell32

msvcrt

oleaut32

comctl32

kernel32

winspool.drv

shlwapi

mprapi

clusapi

wintrust

pdh

user32

rpcrt4

ole32

advapi32

netapi32

winmm

setupapi

gdi32

ntdsapi

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.crt Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 44KB - Virtual size: 44KB

.CRT Size: 900KB - Virtual size: 898KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.crt
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 44KB - Virtual size: 44KB

.CRT
Size: 900KB - Virtual size: 898KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 16KB