3240077b506992ccc0fdb305ad5f08a0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3240077b506992ccc0fdb305ad5f08a0N.exe
Size

2.1MB
MD5

3240077b506992ccc0fdb305ad5f08a0
SHA1

1a9e320ec9a4fdb223db49f4e7576e1b79b2d94b
SHA256

de43d07cc85e5c2c94f10480b09c547eb6c3e8d321e122e58c77cc2ee13d4041
SHA512

4ca64d7fa544b76227cb304834b1f446d709afb11b5a6bff0efd7126b7c4ce28bef1eab69cb36e5467f9e1083742d102a3f37bb1abf5a82e043d8ef4e84e0a02
SSDEEP

49152:rQ0ATCzlENWiNAM7vaK6yfjxEJE3jM2ce:rVqNfvGhE3Xc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3240077b506992ccc0fdb305ad5f08a0N.exe

Files

3240077b506992ccc0fdb305ad5f08a0N.exe
.exe windows:6 windows x64 arch:x64

405059d36ef1c5268d386954fd072a5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\xml-data\build-dir\CODRU-CL23M-SOURCES\bin\x64\Release\inproductbilling.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW

kernel32

GetFileAttributesW
FindNextFileW
FindClose
DeleteFileW
GetModuleHandleExW
FormatMessageA
WideCharToMultiByte
LoadLibraryExW
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
InitializeCriticalSection
CreateSemaphoreW
GetCommandLineW
GetCurrentProcessId
CreateFileW
GetSystemDirectoryW
SetEnvironmentVariableW
LocalFree
LocalAlloc
WriteFile
UnlockFile
LockFile
SetDllDirectoryW
InitializeCriticalSectionEx
RaiseException
DecodePointer
OpenProcess
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
SetLastError
CreateDirectoryW
GetFileSizeEx
GetFinalPathNameByHandleW
SetEndOfFile
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
DebugBreak
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
DeviceIoControl
GetProcessTimes
GetCurrentThread
GetLocalTime
GetTickCount64
GetWindowsDirectoryW
GetModuleFileNameA
LoadLibraryExA
LoadLibraryA
FormatMessageW
SetSearchPathMode
FileTimeToSystemTime
GetFileInformationByHandleEx
K32GetMappedFileNameW
GetSystemInfo
VirtualProtect
VirtualQuery
WriteConsoleW
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleFileNameW
VirtualFree
GetLongPathNameW
QueryDosDeviceW
SetConsoleCtrlHandler
ExitProcess
GetFileType
GetStdHandle
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
EncodePointer
GetSystemTimeAsFileTime
ExitThread
GetExitCodeThread
WaitForSingleObjectEx
AreFileApisANSI
SetFilePointerEx
GetFileInformationByHandle
GetFileAttributesExW
GetOEMCP
GetTimeFormatW
GetDateFormatW
GetLastError
ExpandEnvironmentStringsW
GetCurrentThreadId
GetEnvironmentVariableW
GetCurrentProcess
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
WaitForSingleObject
CreateThread
Sleep
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualAlloc
RtlUnwind
GetACP
IsValidCodePage
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
SetStdHandle
FreeLibraryAndExitThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetStringTypeW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FindFirstFileExW

user32

GetDC
GetPropW
SetActiveWindow
EnumChildWindows
GetShellWindow
GetWindowLongPtrW
RegisterClassExW
GetActiveWindow
OpenClipboard
IsDialogMessageW
DefDlgProcW
CloseClipboard
EmptyClipboard
MoveWindow
TranslateMessage
ChangeWindowMessageFilterEx
SetParent
SetClipboardData
GetDesktopWindow
ReleaseDC
EnableWindow
BroadcastSystemMessageW
RegisterWindowMessageW
EnumWindows
SendMessageTimeoutW
IsWindow
SetWindowLongPtrW
SetWindowTextW
SendMessageW
PostMessageW
MonitorFromPoint
MonitorFromRect
GetCursorPos
GetAncestor
GetWindowLongW
OffsetRect
CopyRect
UpdateWindow
DestroyWindow
CreateWindowExW
GetClientRect
SetWindowPos
GetMonitorInfoW
GetWindowRect
GetWindowThreadProcessId
SetForegroundWindow
ShowWindow
DispatchMessageW
GetMessageW
CreateDialogIndirectParamW

gdi32

GetDeviceCaps

advapi32

GetNamedSecurityInfoW
LookupAccountSidW
GetAclInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetSecurityDescriptorDacl
GetFileSecurityW
GetAce
ConvertSidToStringSidW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegGetValueW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoUninitialize
OleUninitialize
OleInitialize
CoInitializeEx

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

405059d36ef1c5268d386954fd072a5b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

ole32

ntdll

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 301KB - Virtual size: 301KB

.data Size: 27KB - Virtual size: 38KB

.pdata Size: 54KB - Virtual size: 53KB

.didat Size: 1024B - Virtual size: 600B

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 580KB - Virtual size: 584KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 301KB - Virtual size: 301KB

.data
Size: 27KB - Virtual size: 38KB

.pdata
Size: 54KB - Virtual size: 53KB

.didat
Size: 1024B - Virtual size: 600B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 580KB - Virtual size: 584KB