303a012c3341e82ba1ef14026f9e36f0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

303a012c3341e82ba1ef14026f9e36f0N.exe
Size

3.7MB
MD5

303a012c3341e82ba1ef14026f9e36f0
SHA1

6967a5476411503b49bcb435b191e3bf5b0dae2d
SHA256

42298b20db9c2216074ddef08501a37e8c2107ac10ed5309c829755f4da44fea
SHA512

82e411f00d34af8411cc2f301dcd2842e2e04244321006bffdb6ce3ac93dbcddc710a3de918e76939cac78e68d15d8f08c51c7bf17731dac3bb6e5c9a6df28cb
SSDEEP

98304:libKtbtzxtD2L0Tc55Fo1cHR6ngm3tj8WGz:l7btzxjTc1o15R2F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
303a012c3341e82ba1ef14026f9e36f0N.exe

Files

303a012c3341e82ba1ef14026f9e36f0N.exe
.dll windows:6 windows x86 arch:x86

b184d5ef3c2cdc093fe0ea94caeac625

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

iertutil.pdb

Imports

msvcrt

_itow
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
_unlock
__dllonexit
_lock
_onexit
_vsnwprintf
_wtoi64
iswspace
free
_wcsnicmp
malloc
wcstok
bsearch
wcsncmp
wcsstr
wcstol
_wcsicmp
wcsrchr
wcschr
memmove
memcpy
memset
strncat
_wcslwr
_strlwr
_errno

ntdll

RtlUnwind

kernel32

UnmapViewOfFile
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
MapViewOfFileEx
GetCurrentThreadId
SetLastError
LocalFree
GetTickCount
RaiseException
SystemTimeToFileTime
GetSystemTime
HeapReAlloc
lstrlenW
lstrlenA
InterlockedExchange
GetDriveTypeW
GetVolumePathNameW
GetLastError
CreateFileW
SetFileAttributesW
GetFileAttributesW
GetTempPathW
GetCurrentProcess
GetProcAddress
GetModuleHandleW
LocalAlloc
CloseHandle
GetCurrentProcessId
GetModuleFileNameW
GetCurrentThread
FreeLibrary
LoadLibraryW
InterlockedCompareExchange
GetSystemTimeAsFileTime
CompareFileTime
CompareStringW
GetVersionExW
IsWow64Process
ExpandEnvironmentStringsW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
QueryPerformanceCounter
QueryPerformanceFrequency
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
WaitForSingleObject
OpenEventW
GetVersionExA
CreateMutexW
DuplicateHandle
OpenMutexW
CreateEventW
lstrcmpA
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchangeAdd
SetEvent
DecodePointer
EncodePointer
InitializeCriticalSection
ReleaseMutex
ResumeThread
CreateThread
TerminateThread
TerminateProcess
InitializeSListHead
InterlockedFlushSList
Sleep
InterlockedPushEntrySList
UnregisterWaitEx
WaitForMultipleObjects
RegisterWaitForSingleObject
OpenThread
CreateProcessW
GetCurrentDirectoryW
IsProcessInJob
AssignProcessToJobObject
SetInformationJobObject
CreateJobObjectW
GetProcessId
IsDebuggerPresent
ProcessIdToSessionId
OutputDebugStringA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
GetThreadLocale
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryA
OpenProcess

advapi32

InitializeSid
GetSidSubAuthority
GetKernelObjectSecurity
GetSecurityDescriptorSacl
GetAce
CopySid
IsValidSid
GetLengthSid
InitializeAcl
OpenProcessToken
SetTokenInformation
GetAclInformation
AddAccessAllowedAce
AddAce
RegOpenKeyExW
RegQueryValueExW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
AddAccessAllowedAceEx
SetSecurityInfo
EqualSid
TraceEvent
ConvertSidToStringSidW
RegEnumKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegDeleteKeyW
GetSecurityInfo
DeleteAce
RegDeleteValueW
ReportEventW
RegisterEventSourceA
DeregisterEventSource
CreateProcessAsUserW
DuplicateTokenEx
CreateRestrictedToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenThreadToken
GetSidLengthRequired
RegCreateKeyExW
RegCloseKey
ConvertStringSidToSidW
GetTokenInformation
GetSidSubAuthorityCount

user32

DefWindowProcW
PostThreadMessageW
GetWindowLongW
IsWindow
SendMessageW
PostMessageW
AllowSetForegroundWindow
RegisterWindowMessageW
RegisterClassExW
CreateWindowExW
SetWindowLongW
LoadAcceleratorsW
TranslateAcceleratorW
PostQuitMessage
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
UnregisterClassW
GetSystemMetrics
CharLowerW
WaitForInputIdle
GetShellWindow
GetWindowThreadProcessId
GetThreadDesktop
GetUserObjectInformationW

shlwapi

ord219

Exports

Exports

DllCanUnloadNow
DllGetClassObject
IEGetFrameUtilExports
IEGetProcessModule
IEGetTabWindowExports
IERT_DelayLoadFailureHook
ImpersonateUser
ResetIEExtensibility
ResetIERegistrySettings
RevertImpersonate

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b184d5ef3c2cdc093fe0ea94caeac625

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

user32

shlwapi

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 92KB - Virtual size: 91KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 92KB - Virtual size: 91KB