4f472019789ca1da14f4f25cf7ce8e60N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

4f472019789ca1da14f4f25cf7ce8e60N.exe
Size

1.3MB
MD5

4f472019789ca1da14f4f25cf7ce8e60
SHA1

1a27d29dc23f7ed16c521e329b60dc09008583f3
SHA256

0b6f27ac0a29511cd3662e74a55a460af5b6b39da19f4c55a935b61b7cfce0c9
SHA512

490b86d337c0558b3c58c82e9d24aedd1553499f1820bbed22e415b303e835621df50cd585a6ace5b2899599a693d763ffd265c43412becd4a93b0c0d0adef70
SSDEEP

24576:bQH9WeX+V/lvp8oAoT7sit5/qJEzKlYAFBDNA8Ov+V:bAXsdLAKsizyVJNAJ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f472019789ca1da14f4f25cf7ce8e60N.exe

Files

4f472019789ca1da14f4f25cf7ce8e60N.exe
.dll regsvr32 windows:5 windows x86 arch:x86

99767ade574c5fb3e90536ca377f5a1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\MTDeveloper2\PackageSrc\MTDeveloper2\PLATFORM\MNavi\38STEP\DataAbsorber\MZDataABS_DeviceMemoryR\Release\MZDataABS_DeviceMemoryR.pdb

Imports

mfc100u

ord1301
ord323
ord1934
ord1873
ord1945
ord2088
ord2090
ord1953
ord408
ord2045
ord1984
ord2080
ord2053
ord2055
ord2091
ord908
ord2068
ord2064
ord13218
ord1474
ord7524
ord11838
ord4512
ord11516
ord12154
ord1440
ord4150
ord1889
ord4086
ord7176
ord1292
ord7624
ord7548
ord11784
ord13854
ord4744
ord2164
ord11476
ord11477
ord13381
ord7108
ord13387
ord8530
ord3684
ord3625
ord11864
ord7126
ord1739
ord14162
ord10976
ord13267
ord11469
ord7179
ord13570
ord13567
ord13572
ord13569
ord13571
ord13568
ord3416
ord5261
ord11228
ord11236
ord7391
ord9498
ord11240
ord11209
ord11845
ord4642
ord4923
ord5115
ord8483
ord4901
ord5118
ord4645
ord4794
ord4623
ord6931
ord6932
ord6922
ord4792
ord7393
ord9328
ord8346
ord6140
ord890
ord6869
ord322
ord13605
ord265
ord266
ord3413
ord13206
ord2683
ord286
ord1312
ord869
ord1270
ord296
ord280
ord1476
ord1479
ord4290
ord1310
ord2614
ord13127
ord5264
ord285
ord5229
ord2629
ord902
ord12153
ord2062
ord12801
ord1450
ord14203
ord1298
ord1300

msvcr100

swprintf_s
_wcsnicmp
memmove_s
swscanf_s
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
wcsncpy_s
memcmp
_resetstkoflw
malloc
calloc
_recalloc
free
memset
??0bad_cast@std@@QAE@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
_purecall
memcpy
wcslen
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
__CxxFrameHandler3
fopen
fread
_fileno
ferror
fwrite
_setmode
ftell
fseek
fclose
sscanf
strncmp
tolower
isupper
_exit
raise
fprintf
__iob_func
ldiv
strncpy
realloc
memchr
strtoul
_gmtime64
sprintf
strstr
fputs
signal
_getch
_localtime64_s
wcsstr
fgets
_errno
isspace
isdigit
qsort
getenv
strcmp
_time64
isxdigit
_vsnprintf
vfprintf
memmove
_wfopen
fflush
feof
atoi
strchr

kernel32

GetFileAttributesExW
GetSystemInfo
VirtualLock
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
VirtualUnlock
CreateFileW
ReadFile
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
OutputDebugStringA
FormatMessageW
WideCharToMultiByte
InitializeCriticalSection
WriteFile
FormatMessageA
GetTempPathA
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
WaitForSingleObject
HeapFree
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
FlushConsoleInputBuffer
CloseHandle
GetVersionExA
LoadLibraryA
GlobalMemoryStatus
GetVersion
GetModuleHandleA
GetFileType
GetStdHandle
MultiByteToWideChar
GetSystemTime
AreFileApisANSI
DeleteFileA
GetProcAddress
FreeLibrary
LoadLibraryW
GetProcessHeap
DeleteFileW
HeapDestroy
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
LocalAlloc
LocalFree
lstrcmpiW
lstrcpyW
GetThreadLocale
CreateDirectoryW
SetThreadLocale
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedDecrement
InterlockedIncrement
lstrlenW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
Sleep

user32

CharNextW
GetUserObjectInformationW
GetDesktopWindow
MessageBoxA
GetProcessWindowStation

atl100

ord61
ord32
ord30
ord64
ord68
ord56
ord49
ord15
ord67
ord23

ole32

CoCreateInstance

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysStringLen
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xfunc@tr1@std@@YAXXZ

advapi32

DeregisterEventSource
ReportEventA
RegisterEventSourceA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 975KB - Virtual size: 975KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

99767ade574c5fb3e90536ca377f5a1a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc100u

msvcr100

kernel32

user32

atl100

ole32

oleaut32

msvcp100

advapi32

Exports

Exports

Sections

.text Size: 975KB - Virtual size: 975KB

.rdata Size: 232KB - Virtual size: 231KB

.data Size: 15KB - Virtual size: 24KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 50KB - Virtual size: 49KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 975KB - Virtual size: 975KB

.rdata
Size: 232KB - Virtual size: 231KB

.data
Size: 15KB - Virtual size: 24KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 50KB - Virtual size: 49KB

.rmnet
Size: 56KB - Virtual size: 60KB