466b39f318e70f8c0bfab510e579a750N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

466b39f318e70f8c0bfab510e579a750N.exe
Size

183KB
MD5

466b39f318e70f8c0bfab510e579a750
SHA1

e6f47ddf4c7fbb0517217f7d6b6901e471edd960
SHA256

29176bafabdc6d36917bf75b38ce14fa248ed6615b354a7a323b7185c74f1b31
SHA512

29acdaadc865f7e518fdda6127d33712858ee782f39e3f6ed301db1260924614e918ba224d02337bb082407f3ef154327aab63bec48138f99bc7334b9e7dd926
SSDEEP

3072:1UupxLXh4+GRbScAuFYbCYCmogtihpsvKNIAXBJJAc2oFrbd:1UupxjhW501ihpsS9JnFF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
466b39f318e70f8c0bfab510e579a750N.exe

Files

466b39f318e70f8c0bfab510e579a750N.exe
.dll windows:6 windows x86 arch:x86

d3375c760c18f3d39d416027b5050641

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dpwsockx.pdb

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
_strnicmp
memset
memcpy

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventA
InitializeCriticalSection
InterlockedIncrement
GetLastError
InterlockedDecrement
WaitForMultipleObjectsEx
ExitThread
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedExchange
Sleep
ResetEvent
SetEvent
SetThreadPriority
CreateThread
WaitForSingleObject
GetVersionExA
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap
ReleaseMutex
UnmapViewOfFile
OpenMutexA
MapViewOfFile
CreateFileMappingA
HeapFree
GetCurrentProcessId
CreateProcessA
GetSystemDirectoryA
OpenEventA
HeapReAlloc
WideCharToMultiByte
MultiByteToWideChar
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

SetWindowLongA
SendMessageA
SetFocus
EndDialog
GetDlgItem
GetWindowLongA
GetDlgItemTextA
DialogBoxParamA
GetForegroundWindow

ws2_32

ioctlsocket
setsockopt
connect
getsockname
accept
recv
listen
WSAGetLastError
send
gethostbyname
gethostname
recvfrom
getpeername
__WSAFDIsSet
select
sendto
getsockopt
inet_ntoa
WSACleanup
WSAStartup
ntohs
bind
socket
inet_addr
closesocket
htons

winmm

timeGetTime

advapi32

AddAccessAllowedAce
RegQueryValueExA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
RegCloseKey
FreeSid
SetSecurityDescriptorDacl
RegOpenKeyExA
RegEnumKeyExA

ntdll

ord1

dplayx

gdwDPlaySPRefCount

Exports

Exports

DPWS_BuildIPMessageHeader
DPWS_GetEnumPort
SPInit

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3375c760c18f3d39d416027b5050641

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

ws2_32

winmm

advapi32

ntdll

dplayx

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 142KB - Virtual size: 141KB

.text
Size: 38KB - Virtual size: 37KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 142KB - Virtual size: 141KB