dcce8cf174d609007a90ee75b3b0da00N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

dcce8cf174d609007a90ee75b3b0da00N.exe
Size

702KB
MD5

dcce8cf174d609007a90ee75b3b0da00
SHA1

442663c00e1cbf4fee07ff70bc073330553cb74e
SHA256

13d1a9e65daf31f141552ae376348f4ce7e66142af0f380fddc333e4ef0f8f06
SHA512

408485d3fe39511d83431e977a15c1e36f19d0c1eade92abe8f15d64cba2a4d4a545cef5e517f8bb9af9f8837459513701b1f3064c1d52bd6c2209193c832cd2
SSDEEP

12288:Tk5Hghz0DCMSCXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDR:QeJcCKsqjnhMgeiCl7G0nehbGZpbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcce8cf174d609007a90ee75b3b0da00N.exe

Files

dcce8cf174d609007a90ee75b3b0da00N.exe
.exe windows:6 windows x86 arch:x86

174400a01b268a209fae2074e85ffe34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

WCChromeNativeMessagingHost.pdb

Imports

kernel32

ReadFile
WriteFile
CloseHandle
GetLastError
SetNamedPipeHandleState
OpenMutexW
Sleep
GetTickCount
lstrlenW
OutputDebugStringA
DecodePointer
RaiseException
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
FindResourceExW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadResource
LockResource
GetVolumeInformationW
LoadLibraryW
FindResourceW
MultiByteToWideChar
GetCurrentProcessId
FreeLibrary
LoadLibraryA
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindClose
FindFirstFileW
GetTempFileNameW
GetTempPathW
CreateProcessW
VerSetConditionMask
HeapSetInformation
GetCurrentProcess
ExitProcess
CreateThread
TerminateThread
SetDllDirectoryW
VerifyVersionInfoW
OutputDebugStringW
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
CreateFileW
EnterCriticalSection
LeaveCriticalSection
SizeofResource

user32

DdeCreateStringHandleW
DdeClientTransaction
DdeDisconnect
DdeConnect
DdeUninitialize
DdeGetLastError
DdeFreeStringHandle
KillTimer
SetTimer
DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxW
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
RegisterWindowMessageW
DdeInitializeW

advapi32

RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize

msvcp120

??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z

msvcr120

__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__winitenv
_commode
_except1
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_wcslwr
_fmode
??_V@YAXPAX@Z
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy_s
free
wmemcpy_s
_CxxThrowException
__CxxFrameHandler3
_purecall
memchr
memmove
memcpy
wcsnlen
wcsncat_s
wcsncpy_s
wcsncpy
_wcsicmp
fclose
getchar
_wfopen_s
_waccess
_waccess_s
fflush
fgetc
fgetpos
fputc
fsetpos
_fseeki64
fwrite
setvbuf
sprintf_s
ungetc
_lock_file
_unlock_file
_itoa_s
_itow_s
memmove_s
wcscat_s
wcscpy_s
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
__iob_func
_fileno
_get_heap_handle
_setmode
isdigit
isxdigit
isspace
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_except_handler4_common
??1type_info@@UAE@XZ
_XcptFilter
_amsg_exit

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

174400a01b268a209fae2074e85ffe34

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp120

msvcr120

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 572KB - Virtual size: 576KB