fcd9c8dc24f8b30631d45c2dea8270d0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

fcd9c8dc24f8b30631d45c2dea8270d0N.exe
Size

517KB
MD5

fcd9c8dc24f8b30631d45c2dea8270d0
SHA1

df5c72988c867f2cc6f6a9b526d25ad2d4351364
SHA256

9041d5a23b92d71286be4cff233bbc940595b1041fff509c1e90c3bdd79f9082
SHA512

75f29110436fa4e4ad6ebd5eeaba2c2aa1b2d5d5c2110a18aaccbb86bd3145f226da3a72aaae306ab9d7af88e9f3dc2da68d0a20d4c49b8d5e87524fa11b943d
SSDEEP

6144:ukcX5C/wrPggK2YwIXWjSpC+UpXypZIIBJwxZHpnHfFsvPpnB:ukcXk4rP14aSp3UpCcEJeZpq5B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcd9c8dc24f8b30631d45c2dea8270d0N.exe

Files

fcd9c8dc24f8b30631d45c2dea8270d0N.exe
.exe windows:5 windows x86 arch:x86

c32c6a19eaed55cc98e692b37d0065e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\derek\dr\build_package\build_release-32\bin32\drconfig.pdb

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
InitiateSystemShutdownW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
LookupAccountNameW
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegSetKeySecurity
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
CloseEventLog
ReadEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
NotifyChangeEventLog
OpenEventLogW
ClearEventLogW
GetSecurityInfo

drconfiglib

dr_nudge_all
dr_nudge_pid
dr_nudge_process
dr_syswide_is_on
dr_registered_process_iterator_start
dr_registered_process_iterator_hasnext
dr_registered_process_iterator_stop
dr_register_syswide
dr_unregister_syswide
dr_registered_process_iterator_next
dr_client_iterator_start
dr_client_iterator_hasnext
dr_client_iterator_next
dr_client_iterator_stop
dr_num_registered_clients
dr_register_client
dr_process_is_registered
dr_register_process
dr_get_config_dir
dr_unregister_process

kernel32

GetDriveTypeW
SetCurrentDirectoryW
GetCurrentDirectoryW
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapReAlloc
HeapSize
SetEndOfFile
SetStdHandle
LCMapStringW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetCurrentProcess
GetLastError
GetCurrentThread
FindClose
FindFirstFileW
MoveFileExW
MoveFileW
DeleteFileW
LocalFree
GetProcAddress
GetModuleHandleW
GetShortPathNameW
GetSystemDirectoryW
CloseHandle
CreateDirectoryW
RemoveDirectoryW
FindNextFileW
LocalAlloc
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CopyFileW
ExpandEnvironmentStringsW
FormatMessageW
LoadLibraryExW
CreateEventW
CreateThread
ReadProcessMemory
OpenProcess
TerminateProcess
SleepEx
ResumeThread
GetThreadContext
VirtualFreeEx
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
CreateFileW
GetCurrentProcessId
HeapFree
HeapAlloc
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableW
GetFullPathNameW
LoadLibraryW
FreeLibrary
SetFilePointer
ReadFile
GetFileAttributesW
SetEnvironmentVariableW
ExitProcess
DecodePointer
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetCommandLineW
HeapSetInformation
GetStringTypeW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FatalAppExitA
EncodePointer
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStartupInfoW
Sleep
RtlUnwind
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
GetFullPathNameA

Sections

.text
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c32c6a19eaed55cc98e692b37d0065e9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

drconfiglib

kernel32

Sections

.text Size: 400KB - Virtual size: 399KB

.rdata Size: 89KB - Virtual size: 89KB

.data Size: 5KB - Virtual size: 15KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 400KB - Virtual size: 399KB

.rdata
Size: 89KB - Virtual size: 89KB

.data
Size: 5KB - Virtual size: 15KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB