f15a995945bcf9d90aaab2835141e530N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f15a995945bcf9d90aaab2835141e530N.exe
Size

263KB
MD5

f15a995945bcf9d90aaab2835141e530
SHA1

bcf66f309d3e792361a6ee800c5ad79814b8f34f
SHA256

b6c4602dbccfe299def81657fb5038fd9228f8344f68be5898dfa1b0381b4329
SHA512

91736c183b41fc1cfce9b4395ffb685d9bc4343dbb784f36260be795cab68c37b928845960828af1eaadc3dfb757c9863d3aeb1004d6d6b1289cc0719e8e52e1
SSDEEP

6144:hfBU6tBt0njYu6eCI2tU9Hfq6BuRRVIoDLEe:xbt0F2tU9pgRRVI0Ee

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f15a995945bcf9d90aaab2835141e530N.exe

Files

f15a995945bcf9d90aaab2835141e530N.exe
.dll windows:5 windows x86 arch:x86

a2c4c7634da34fcb99c7bb727ddd7b65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

x:\svn\ndfwe\bin\OsPassword.pdb

Imports

kernel32

GetCPInfo
GetOEMCP
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLocalTime
GetCommandLineA
HeapAlloc
HeapReAlloc
RtlUnwind
RaiseException
VirtualAlloc
HeapSize
Sleep
ExitProcess
GetACP
IsValidCodePage
HeapDestroy
VirtualFree
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetProcessHeap
InterlockedCompareExchange
GetLocaleInfoA
InterlockedExchange
CreateFileA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
InterlockedIncrement
CompareStringA
GetCurrentProcessId
lstrcmpA
GlobalGetAtomNameA
SetErrorMode
GetModuleFileNameA
GetCurrentThreadId
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
SetLastError
ReadProcessMemory
DeleteCriticalSection
FindClose
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
CreateDirectoryW
FindFirstFileW
LocalFree
CloseHandle
LockResource
GetProcAddress
GetLastError
lstrlenW
MultiByteToWideChar
GetVersionExW
SizeofResource
LoadLibraryW
WideCharToMultiByte
OpenProcess
GetModuleHandleW
GetCurrentProcess
LoadResource
FreeLibrary
FindResourceW
HeapCreate
lstrlenA

user32

PostQuitMessage
DestroyMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
ValidateRect
PeekMessageA
GetKeyState
SendMessageA
DispatchMessageA
CallNextHookEx
SetWindowsHookExA
UnregisterClassA
CheckMenuItem
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
GetWindowTextA
GetDlgItem

gdi32

DeleteDC
GetStockObject
RectVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
GetDeviceCaps
PtVisible
SetMapMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
TextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
IsTextUnicode
OpenProcessToken

shlwapi

PathFindExtensionA
PathFindFileNameA

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

psapi

GetModuleInformation

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

GetUserPassword

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2c4c7634da34fcb99c7bb727ddd7b65

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

secur32

psapi

oleaut32

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 9KB - Virtual size: 24KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 9KB - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 30KB - Virtual size: 30KB