077e58c640f6ae0bdfc7c955aff73c60N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

077e58c640f6ae0bdfc7c955aff73c60N.exe
Size

1.1MB
MD5

077e58c640f6ae0bdfc7c955aff73c60
SHA1

90f0fb1467c573181c98192e4e15a4e435a700ea
SHA256

55d15a57d3197e1e485dd15906c65e8dd381959c5a109d475cd5b2e61b250b99
SHA512

498ed8fd40fa40a71c6bde85cf8ca770dcfba7146fd90931bd680536f39c1de814a6646ae446637297f6f51d30e42b6d12508cd585a006b75b010ad75fe6d346
SSDEEP

24576:Y8Yb+MWFRS5V91nlxAQNGCvPAfFB6sqIdJlyV:oWm7ECPAfuaJlyV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
077e58c640f6ae0bdfc7c955aff73c60N.exe

Files

077e58c640f6ae0bdfc7c955aff73c60N.exe
.dll regsvr32 windows:5 windows x86 arch:x86

afed33e733971968da5258bae9cca836

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\work\workspace\CryptoPad\bin\ReleaseMT\TaskPlugin.pdb

Imports

kernel32

GetCurrentProcessId
GetTickCount
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
SetLastError
LoadLibraryA
FreeLibrary
DuplicateHandle
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventW
WaitForMultipleObjects
GetTempPathW
LoadLibraryW
TerminateProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetSystemDirectoryW
VerSetConditionMask
SleepEx
VerifyVersionInfoW
InitializeCriticalSection
OpenProcess
ReadFile
GetStdHandle
GetFileType
ExpandEnvironmentStringsA
FormatMessageA
ResetEvent
IsDebuggerPresent
OutputDebugStringW
ReadConsoleInputA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
GetModuleHandleW
GetProcAddress
FlushConsoleInputBuffer
WideCharToMultiByte
MultiByteToWideChar
lstrcatW
GetComputerNameW
WaitForSingleObject
CloseHandle
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
InterlockedExchange
RaiseException
GetModuleFileNameW
Sleep
InitializeCriticalSectionAndSpinCount
GetProcessHeap
InterlockedCompareExchange
HeapFree
GlobalMemoryStatus
GetModuleHandleA
LocalFree
SetEndOfFile
SetEnvironmentVariableA
GetCurrentDirectoryW
CreateFileW
WriteConsoleW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FindClose
SetStdHandle
FlushFileBuffers
ReadConsoleW
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleMode
GetModuleFileNameA
SetConsoleCtrlHandler
WriteFile
GetOEMCP
HeapAlloc
PeekNamedPipe
HeapReAlloc
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFilePointerEx
GetFullPathNameW
IsProcessorFeaturePresent
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCommandLineA
LoadLibraryExW
ExitThread
GetCurrentThreadId
CreateThread
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetStringTypeW
EncodePointer

user32

wsprintfW
PostMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
SetWindowLongW
GetMessageW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
DestroyWindow
GetWindowLongW
DefWindowProcW

advapi32

RegisterEventSourceA
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
DeregisterEventSource
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
RegDeleteKeyW
ReportEventA

ole32

CoCreateGuid
CoTaskMemFree
IIDFromString
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
StringFromIID

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString

shlwapi

PathAddBackslashW
StrCmpNIW
PathAppendW

iphlpapi

GetIpForwardTable
GetAdaptersInfo

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

ws2_32

gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
send
select
__WSAFDIsSet
getpeername
WSAIoctl
connect
WSAGetLastError
htons
ntohs
getsockname
listen
accept
recvfrom
WSACleanup
WSAStartup
getsockopt
closesocket
WSASetLastError
socket
bind
recv
setsockopt
sendto

wldap32

ord27
ord167
ord147
ord301
ord46
ord142
ord133
ord208
ord145
ord118
ord127
ord41
ord26
ord79
ord216
ord14

Exports

Exports

CallTaskFun
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 849KB - Virtual size: 849KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afed33e733971968da5258bae9cca836

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

iphlpapi

psapi

ws2_32

wldap32

Exports

Exports

Sections

.text Size: 849KB - Virtual size: 849KB

.rdata Size: 219KB - Virtual size: 218KB

.data Size: 11KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 38KB - Virtual size: 38KB

.text
Size: 849KB - Virtual size: 849KB

.rdata
Size: 219KB - Virtual size: 218KB

.data
Size: 11KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 38KB - Virtual size: 38KB