84efaff343cf7a34d2a0d847a1e5fd50N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

84efaff343cf7a34d2a0d847a1e5fd50N.exe
Size

41KB
MD5

84efaff343cf7a34d2a0d847a1e5fd50
SHA1

0c0a49303f035ab2c69576ca7db8a8a8b999a2f3
SHA256

0abaa0645902eddd5a0ce22f7448c7646409aa8024c8017fa8d973e3015004c5
SHA512

89b569afc5dc9687eb83c4446fff9b63cffb29cb307febf6bbb715442b6ddc97a79ee14873c828a074dd2336d558edd38c078b7dcb85366a5936e34977083446
SSDEEP

768:bqxpNsob9GUBaxydUM4fOezXeaO41X2Lu1effeK93ASkEJE:bSsob9GWMM4fOezOaO4In93A3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84efaff343cf7a34d2a0d847a1e5fd50N.exe

Files

84efaff343cf7a34d2a0d847a1e5fd50N.exe
.dll windows:4 windows x86 arch:x86

f3ddeda84d4f93cdbde743f0f5c0cab2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetTempPathA
DeleteFileA
GetPrivateProfileStringA
GetPrivateProfileIntA
Sleep
WinExec
CreateProcessA
lstrcatA
GetProcAddress
GetComputerNameA
CloseHandle
GetFileSize
CreateFileA
TerminateProcess
WaitForSingleObject
OutputDebugStringA
GetLastError
FindNextFileA
FindFirstFileA
CreateToolhelp32Snapshot
Process32First
LoadLibraryA
Process32Next

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyA

shell32

SHGetSpecialFolderPathA

mfc42

ord825

msvcrt

fopen
fgetc
sprintf
memcpy
memset
strcat
strncpy
strlen
atoi
srand
time
fprintf
strcmp
fputs
strstr
strcpy
__CxxFrameHandler
free
malloc
rewind
ftell
fseek
memmove
strchr
fgets
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
fwrite
fputc
fclose
_stricmp
fread
_itoa

msvcirt

?endl@@YAAAVostream@@AAV1@@Z
?cout@@3Vostream_withassign@@A
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??6ostream@@QAEAAV0@D@Z

ws2_32

inet_ntoa
WSAStartup
gethostbyname

wininet

InternetCrackUrlA
InternetReadFile
HttpQueryInfoA
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
HttpSendRequestExA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
InternetOpenA
HttpEndRequestA
InternetWriteFile

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3ddeda84d4f93cdbde743f0f5c0cab2

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

mfc42

msvcrt

msvcirt

ws2_32

wininet

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 10KB - Virtual size: 92KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 92KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 2KB - Virtual size: 2KB