608a39b42fe33ca0424f054847dfbdb0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

608a39b42fe33ca0424f054847dfbdb0N.exe
Size

2.0MB
MD5

608a39b42fe33ca0424f054847dfbdb0
SHA1

05e8115fa97e4945fc59831b28dd8ab73312e418
SHA256

093f0253bb4a7c7e59147cd65b8cb7efb572d5816d72704b3e12a5c569864a53
SHA512

c2eee64a6c1e103ecafdbe32f3d8ab6cfc3ecbc4d4090a323a065d01a5f114d40d24fa8aadbdd1ab0495ed7c3a5cbc6922aafc4e260e7f913b0a77717fce77b9
SSDEEP

49152:WXcxgcyID89FAd30Hd3EZh+nADZoPP00J:WagaKy30tHANoPc0J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
608a39b42fe33ca0424f054847dfbdb0N.exe

Files

608a39b42fe33ca0424f054847dfbdb0N.exe
.dll windows:5 windows x86 arch:x86

a4c363f519677c962ad0c87337222a32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscms

IsColorProfileValid

ws2_32

WSACleanup

msacm32

acmFormatTagEnumW

wininet

SetUrlCacheEntryInfoW
HttpSendRequestExW
InternetErrorDlg

advapi32

DuplicateEncryptionInfoFile
CreateServiceW
StartServiceCtrlDispatcherA
CryptReleaseContext
GetOldestEventLogRecord
CryptHashData
GetExplicitEntriesFromAclW
RegQueryValueExA
StartServiceW
StartServiceA
CryptEncrypt
CryptEnumProvidersW
AddAuditAccessObjectAce
SetNamedSecurityInfoW
ReportEventA
CreateServiceA
GetFileSecurityW
AllocateAndInitializeSid
EqualDomainSid
LogonUserA
RegOpenCurrentUser

winscard

SCardDisconnect
g_rgSCardRawPci
SCardReleaseContext

opengl32

glTranslated

urlmon

CopyBindInfo

winspool.drv

GetPrinterDriverDirectoryW

shell32

ShellExecuteExW
DragAcceptFiles
SHLoadNonloadedIconOverlayIdentifiers

oleaut32

VarBoolFromDate
VarBoolFromStr
VarR8FromUI4
VarR8FromUI1

msvfw32

ICImageDecompress

rasapi32

RasGetAutodialAddressA
RasSetCredentialsW

comctl32

ImageList_ReplaceIcon

user32

wvsprintfW
SetSysColors
MapWindowPoints
VkKeyScanExA
CreateCursor
IsWindow
MapVirtualKeyW
InvalidateRgn
FindWindowW
GetLastInputInfo
GetWindowDC
GetDlgItemTextW
DlgDirListA
IsWindowVisible
OemToCharBuffA
DrawStateA
CreateWindowExW
CreateAcceleratorTableW
GetForegroundWindow
SetMenuItemInfoW
LoadCursorA
UnhookWinEvent
CopyRect
GetProcessWindowStation
GetCursorInfo
CopyAcceleratorTableA
CreateIconFromResourceEx
ShowWindow

netapi32

NetUserGetGroups
NetLocalGroupGetMembers
NetGetAnyDCName
NetLocalGroupAddMember
NetGroupDel

setupapi

SetupDiGetClassImageList
CM_Setup_DevNode
SetupGetIntField
SetupSetFileQueueAlternatePlatformW
CM_Get_DevNode_Custom_PropertyW
SetupDiGetWizardPage
CM_Get_DevNode_Registry_PropertyA
SetupGetFileCompressionInfoW
SetupGetFileQueueCount
CM_Get_Sibling
SetupFindNextLine
SetupGetFieldCount
SetupDiDestroyClassImageList

winmm

midiOutShortMsg
mmioSeek
waveInStart
waveInGetNumDevs
mciGetErrorStringW
midiOutLongMsg
waveOutGetDevCapsW
mmioRead

gdi32

GetCharABCWidthsFloatA
BeginPath
RestoreDC
CreateDIBitmap
SetBrushOrgEx
DeleteColorSpace
DeleteDC
AddFontResourceExW
SetICMProfileA
SetROP2
Ellipse
CombineRgn
StartDocW
SetDCBrushColor

mprapi

MprConfigInterfaceGetInfo
MprAdminInterfaceSetInfo
MprAdminInterfaceTransportAdd
MprConfigTransportGetHandle
MprAdminMIBServerConnect

rpcrt4

NdrConvert2
NdrAsyncServerCall
RpcBindingSetAuthInfoW
RpcBindingFromStringBindingW
NdrUserMarshalMarshall

crypt32

CertAlgIdToOID
CertCompareIntegerBlob
CertVerifyTimeValidity
CryptMsgClose
CryptHashPublicKeyInfo
CryptSIPRemoveSignedDataMsg
CertSetCTLContextProperty
CertCreateSelfSignCertificate
CertGetCRLFromStore
CertOIDToAlgId

esent

JetSeek
JetSetIndexRange

imm32

ImmIsIME

shlwapi

PathIsUNCA
StrRChrIA
UrlGetPartA
StrCSpnW
SHSkipJunction
StrToIntW
UrlGetLocationW
StrSpnW
PathRenameExtensionW
PathFindOnPathW

ole32

StgOpenStorage
OleCreateFromData
HDC_UserFree
HDC_UserUnmarshal
WriteClassStm
OleCreate

clusapi

ClusterResourceEnum
OpenCluster

kernel32

GetBinaryTypeA
GetModuleFileNameA
GetModuleFileNameW
CreatePipe
IsDBCSLeadByteEx
OutputDebugStringA
GetLargestConsoleWindowSize
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetLocaleInfoW
HeapSize
FlushFileBuffers
GetConsoleCP
SetStdHandle
SetFilePointer
GetTimeZoneInformation
GetCommandLineA
LoadLibraryA
InterlockedExchange
FreeLibrary
WriteConsoleW
RtlUnwind
InitializeCriticalSectionAndSpinCount
ReadFile
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeA
LCMapStringW
CreateFileMappingA
TryEnterCriticalSection
SetConsoleScreenBufferSize
GetCommTimeouts
WaitForMultipleObjectsEx
GetTapeParameters
HeapAlloc
MulDiv
GetConsoleFontSize
Process32FirstW
GetModuleHandleA
GetEnvironmentStringsW
SetMailslotInfo
FindResourceExA
GetProcessAffinityMask
GetSystemWow64DirectoryA
BeginUpdateResourceA
SetComputerNameExW
BuildCommDCBW
LCMapStringA
WideCharToMultiByte
WriteFile
ExitProcess
Sleep
HeapDestroy
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
GetLastError
MoveFileA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetSystemTimeAsFileTime
CloseHandle
WriteConsoleA
GetConsoleOutputCP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
OpenMutexA
GetConsoleMode
GetDriveTypeW
CreateEventA
WriteConsoleInputW
CreateDirectoryA
GetFileTime
GetProcessId
Process32Next
IsBadStringPtrW
VerLanguageNameA
CreateFileA
SetEnvironmentVariableA
MultiByteToWideChar
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
TlsAlloc
TlsSetValue
TlsFree
GetStringTypeW
SetLastError
SetConsoleCtrlHandler
UnhandledExceptionFilter
HeapFree
FatalAppExitA
CompareStringW
CompareStringA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess

lz32

LZOpenFileW
LZClose

secur32

AcquireCredentialsHandleA
EnumerateSecurityPackagesW
GetUserNameExA
DeleteSecurityContext

Exports

Exports

EhckewmiraarldeQnd

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 796KB - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4c363f519677c962ad0c87337222a32

Headers

DLL Characteristics

File Characteristics

Imports

mscms

ws2_32

msacm32

wininet

advapi32

winscard

opengl32

urlmon

winspool.drv

shell32

oleaut32

msvfw32

rasapi32

comctl32

user32

netapi32

setupapi

winmm

gdi32

mprapi

rpcrt4

crypt32

esent

imm32

shlwapi

ole32

clusapi

kernel32

lz32

secur32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.qdata Size: 796KB - Virtual size: 792KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 44KB - Virtual size: 52KB

.rsrc Size: 4KB - Virtual size: 1024B

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.qdata
Size: 796KB - Virtual size: 792KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 44KB - Virtual size: 52KB

.rsrc
Size: 4KB - Virtual size: 1024B

.reloc
Size: 16KB - Virtual size: 15KB