663e1557c29fa8da1c9d20caf15180b0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

663e1557c29fa8da1c9d20caf15180b0N.exe
Size

699KB
MD5

663e1557c29fa8da1c9d20caf15180b0
SHA1

fdb61a6e712da0e0072662e997d6a07e5f172468
SHA256

edc4f946187e71b7fd00eba6adb641a7675bcc66c92d4f44b14c63f94fc8dca5
SHA512

fa918682861d9de6d78e2ba3ad51b1ca007c043582a031702c938dbf04409a57712a08f50bbfb0c049057532ec139d338352b704969e3c73e660c65ae953b63f
SSDEEP

12288:VlURPvPuZIXwbYmT1j9PiwkbGMeVO9+5D0OEKDbtyiAl:V6P2XBiwkSrOkv1bty

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
663e1557c29fa8da1c9d20caf15180b0N.exe

Files

663e1557c29fa8da1c9d20caf15180b0N.exe
.dll regsvr32 windows:4 windows x86 arch:x86

420bdf38654226fa8bbc541780ada222

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\oavrt\x86\ship\0\msorun.pdb

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
free
_encoded_null
_malloc_crt
_encode_pointer
fopen_s
fwprintf_s
fclose
vsprintf_s
wcscpy_s
vswprintf_s
wcsrchr
_wcslwr_s
swscanf_s
_CIsin
_CIcos
??3@YAXPAX@Z
_CItan
_CIasin
_CIacos
_CIatan
_CIexp
_CIlog
_CIsinh
_CIcosh
_CItanh
ceil
rand
_CIsqrt
iswdigit
_wcsnicmp
floor
_CIfmod
memset
_CIlog10
_CIpow
wcsncmp
wcstod
wcsstr
wcschr
memmove
iswspace
memcpy
??2@YAPAXI@Z
_wcsicmp

advapi32

RegEnumKeyExW
RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA

gdi32

SetViewportOrgEx
SetStretchBltMode
GetRgnBox
GetClipRgn
CreateRectRgn
GetViewportOrgEx
GetDeviceCaps
DeleteObject

kernel32

QueryPerformanceCounter
VirtualProtect
DisableThreadLibraryCalls
GetSystemDirectoryA
GetSystemDirectoryW
FreeLibrary
CreateSemaphoreA
ReleaseSemaphore
WaitForSingleObject
IsBadReadPtr
GetTickCount
IsBadWritePtr
CreateThread
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CloseHandle
CreateEventA
GetCurrentThreadId
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
LoadLibraryA
SetEvent
FreeLibraryAndExitThread
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
CreateProcessA
GetTempFileNameA
GetTempPathA
HeapFree
HeapAlloc
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
IsBadCodePtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection

ole32

CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CoCreateInstance
CoGetInterfaceAndReleaseStream

oleaut32

SysAllocStringLen
VariantChangeTypeEx
SetErrorInfo
LoadRegTypeLi
SysFreeString
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
VariantClear
VariantCopy
SysStringLen
SysAllocString
VariantInit

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree

user32

GetWindowLongA
PeekMessageA
TranslateMessage
GetDC
ReleaseDC
SetRectEmpty
EqualRect
DestroyWindow
RegisterClassA
CreateWindowExA
SetWindowLongA
SetTimer
KillTimer
DefWindowProcA
DispatchMessageA
PostMessageA
RegisterClassExA
MsgWaitForMultipleObjects

wininet

InternetCanonicalizeUrlW
InternetCombineUrlW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 305KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

420bdf38654226fa8bbc541780ada222

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr80

advapi32

gdi32

kernel32

ole32

oleaut32

rpcrt4

user32

wininet

Exports

Exports

Sections

.text Size: 321KB - Virtual size: 321KB

.data Size: 18KB - Virtual size: 19KB

.rsrc Size: 52KB - Virtual size: 52KB

.reloc Size: 305KB - Virtual size: 308KB

.text
Size: 321KB - Virtual size: 321KB

.data
Size: 18KB - Virtual size: 19KB

.rsrc
Size: 52KB - Virtual size: 52KB

.reloc
Size: 305KB - Virtual size: 308KB