5732e03e33873a598e879a233e6aa810N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5732e03e33873a598e879a233e6aa810N.exe
Size

2.1MB
MD5

5732e03e33873a598e879a233e6aa810
SHA1

86a541387a95b2e5d725ac312c9e16c4e64ae6d8
SHA256

de4269ba282a6c69051f353c1683b24b8a07acec6678455c1c68761a4d013cdf
SHA512

c0ac26a3e7c84a2ad41b10e2e886be51b7c27fefe630e766a811cc5b1186bca73631b01ae3f70ba88d0fa3e6a40e10670c7b0528a68bddad3088f1b81b711499
SSDEEP

49152:fDKDg9F7kR9Sy8H363DsmPaDsTJWH3p5oya6HzYIYmNwM:G09FwHSXXJmPaD5Ho4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5732e03e33873a598e879a233e6aa810N.exe

Files

5732e03e33873a598e879a233e6aa810N.exe
.dll windows:5 windows x86 arch:x86

b6b6487c32c4d353a4c0df5484452660

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\slave-jenkins\workspace\Sparrow_1\Client\SDK_C\proj\DataApi\Release\data_api.pdb

Imports

kernel32

GetDriveTypeW
SetEndOfFile
GetProcessHeap
FindNextFileW
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
HeapSize
FlushFileBuffers
GetConsoleCP
HeapDestroy
DeviceIoControl
IsProcessorFeaturePresent
GetStartupInfoW
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CompareStringW
GetDateFormatA
GetTimeFormatA
LCMapStringW
RtlUnwind
RaiseException
SetConsoleCtrlHandler
ExitProcess
SetFilePointer
GetFileInformationByHandle
ExitThread
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapReAlloc
GetCommandLineA
GetFileAttributesA
MoveFileA
DeleteFileA
GetCPInfo
HeapAlloc
HeapFree
GetStringTypeW
GetProcAddress
GetLastError
lstrlenW
GetLocaleInfoW
DecodePointer
EncodePointer
InterlockedExchange
MultiByteToWideChar
GetSystemDirectoryA
GetModuleFileNameW
GetVersionExW
GetVolumeInformationA
WideCharToMultiByte
GetModuleHandleW
GetCurrentProcess
FindFirstFileW
SetPriorityClass
CreateFileA
CreateThread
GetSystemTime
CloseHandle
ReleaseMutex
Sleep
GetSystemTimeAsFileTime
WaitForSingleObject
GetTickCount
CreateMutexW
HeapCreate
InterlockedDecrement
InterlockedIncrement
ReadConsoleW
ReadConsoleA
SetLastError
FormatMessageA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SleepEx
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FreeLibrary
ExpandEnvironmentStringsA
VerifyVersionInfoA
VerSetConditionMask
LoadLibraryA
GetModuleHandleA
GetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
InterlockedExchangeAdd
GetModuleHandleExW
DeleteFiber
SwitchToFiber
CreateFiber
GetVersion
WriteFile
FindClose
FormatMessageW
SystemTimeToFileTime
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryW
GetConsoleMode
SetConsoleMode
CreateFileW

user32

GetProcessWindowStation
MessageBoxA
GetUserObjectInformationW
MessageBoxW

advapi32

CryptGetProvParam
CryptReleaseContext
CryptAcquireContextW
RegCreateKeyExW
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptDestroyHash
CryptExportKey
RegQueryValueExW
CryptGetUserKey
RegCloseKey
RegSetValueExW
DeregisterEventSource
CryptGenRandom
CryptDestroyKey
ReportEventW
CryptEnumProvidersW
RegisterEventSourceW

ole32

CoCreateGuid
CoInitialize
CoUninitialize

ws2_32

accept
recvfrom
sendto
gethostname
freeaddrinfo
getpeername
getsockopt
bind
ntohs
getsockname
setsockopt
WSAIoctl
__WSAFDIsSet
WSASetLastError
WSACleanup
ioctlsocket
connect
inet_ntoa
inet_addr
select
WSAGetLastError
htons
recv
socket
closesocket
gethostbyname
send
WSAStartup
listen
shutdown
getnameinfo
getaddrinfo

wldap32

ord46
ord22
ord211
ord143
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord60

normaliz

IdnToAscii

crypt32

CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext

iphlpapi

GetAdaptersAddresses

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

call_test
data_base_ext
data_base_ext_w
data_base_info
data_base_info2
data_base_info2_w
data_base_info_w
data_changestate
data_count
data_count_w
data_err_trace
data_err_trace_w
data_event
data_event_w
data_experience
data_experience_w
data_init
data_init_w
data_screen
data_screen_w
data_stop
get_clientsign
get_clientsign_w

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6b6487c32c4d353a4c0df5484452660

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

ws2_32

wldap32

normaliz

crypt32

iphlpapi

version

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 441KB - Virtual size: 440KB

.data Size: 41KB - Virtual size: 62KB

.rsrc Size: 1024B - Virtual size: 956B

.reloc Size: 85KB - Virtual size: 85KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 441KB - Virtual size: 440KB

.data
Size: 41KB - Virtual size: 62KB

.rsrc
Size: 1024B - Virtual size: 956B

.reloc
Size: 85KB - Virtual size: 85KB