889459e93f814a4e3b8721e619f75220N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

889459e93f814a4e3b8721e619f75220N.exe
Size

2.0MB
MD5

889459e93f814a4e3b8721e619f75220
SHA1

f00c09f7df901be23f67711723ba3e403444c31e
SHA256

e16cc7e0e3167694726c1afc99e46e473f0e0a341e4bf1a9d84753b44adb31ad
SHA512

126bb4379667c91314d1da085dedee74fdd4a705260fc75e17b5f3e50c1f8ccd4493e018c44c7c283d761743470d567bd8fd54b2332efb0bec50891aa215eaf7
SSDEEP

24576:zRxz2UxfW2QKqtSo6VslORwPXPhoUVXx2/Srbi2fJu0+QqrvEAoAv1Pp1nNIUwwk:F/VQKrtooUVmSrGTQsrBf+6VD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
889459e93f814a4e3b8721e619f75220N.exe

Files

889459e93f814a4e3b8721e619f75220N.exe
.dll windows:5 windows x86 arch:x86

76f3357d9b3bbfe6943328f7e7b56462

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA

ntdsapi

DsListSitesW

user32

DrawIconEx
SetDlgItemTextA
IsMenu
HideCaret
WindowFromPoint
GetTitleBarInfo
EndDeferWindowPos
SetKeyboardState

winmm

mmioCreateChunk

clusapi

GetClusterFromResource

ole32

OleDestroyMenuDescriptor
CoGetClassObject
PropVariantClear
CoSetProxyBlanket

netapi32

NetSessionDel

shlwapi

StrCpyNW
ColorRGBToHLS

winspool.drv

EnumMonitorsW

setupapi

CM_Get_Sibling_Ex
SetupDiBuildClassInfoListExW
SetupDiGetDriverInfoDetailW
CM_Get_DevNode_Registry_PropertyW

kernel32

GetThreadPriority
WinExec
FindNextChangeNotification
LoadLibraryW
GetModuleFileNameA
ActivateActCtx
OutputDebugStringA
GetFileSize
PostQueuedCompletionStatus
SetStdHandle
WaitForSingleObjectEx
GetUserDefaultLCID
GetNumaHighestNodeNumber
ResumeThread

advapi32

RegEnumKeyA
SaferRecordEventLogEntry

oleaut32

LoadTypeLibEx
SafeArrayCreate

pdh

PdhEnumObjectsW

gdi32

GetDIBColorTable
SetWindowOrgEx

comctl32

CreatePropertySheetPageW

mprapi

MprAdminMIBServerDisconnect
MprInfoCreate

shell32

SHPathPrepareForWriteW

wintrust

WintrustRemoveActionID

rpcrt4

RpcEpRegisterA
RpcBindingSetObject

msvcrt

memset
wcscoll
calloc

Exports

Exports

KefbtiqdLsxnsflwofd

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crt
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 668KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76f3357d9b3bbfe6943328f7e7b56462

Headers

File Characteristics

Imports

version

ntdsapi

user32

winmm

clusapi

ole32

netapi32

shlwapi

winspool.drv

setupapi

kernel32

advapi32

oleaut32

pdh

gdi32

comctl32

mprapi

shell32

wintrust

rpcrt4

msvcrt

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.crt Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 48KB - Virtual size: 48KB

.CRT Size: 668KB - Virtual size: 665KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.crt
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 48KB - Virtual size: 48KB

.CRT
Size: 668KB - Virtual size: 665KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 16KB