485a9723a30dad2a47d73292536119f0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

485a9723a30dad2a47d73292536119f0N.exe
Size

588KB
MD5

485a9723a30dad2a47d73292536119f0
SHA1

4904757676f0962e1c92bf9d71f4ce636b9cb6e6
SHA256

30bcae852131a1d6291c20fa53df595d3f8e008922c2cc194cbc8a8b94516802
SHA512

089a36f31c2705eb2f4493e86c79f7612ab4b5f6508fbd51a04e92481a57879c79ad164e90e96cdb8849f6f5f6acfd5d41c694cec2e4e68d4818bbbec0df988f
SSDEEP

12288:SXZTQe+Vr2aPHzIrphxj2pYJ2BjvrEH7d:ATQRl2sHzIFXj22JgrEH7d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
485a9723a30dad2a47d73292536119f0N.exe

Files

485a9723a30dad2a47d73292536119f0N.exe
.dll regsvr32 windows:4 windows x86 arch:x86

524ffd91354bad1ff45dcb94bc57bcc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

t:\ses\x86\ship\0\OPUC.pdb

Imports

kernel32

ResetEvent
CloseHandle
LocalFree
LocalAlloc
LoadLibraryA
GetProcAddress
Sleep
SetEvent
OpenMutexA
FindClose
FindNextFileA
FindFirstFileA
CreateEventA
MoveFileA
GetWindowsDirectoryA
CreateThread
DeleteFileA
GetVersionExA
CreateMutexA
WaitForSingleObject
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
GetModuleFileNameA
DisableThreadLibraryCalls
lstrcmpiA
FlushFileBuffers
lstrlenA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
GetTickCount
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
HeapSize
QueryPerformanceCounter
VirtualFree
HeapCreate
WriteFile
SetFilePointer
CreateFileA
FormatMessageA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetLocalTime
GetFileAttributesA
GetExitCodeProcess
CreateProcessA
GetCurrentProcess
CreateDirectoryA
GetTempPathA
RemoveDirectoryA
GetFileTime
GetFileSize
ReadFile
CopyFileA
WaitForMultipleObjects
SetFileTime
CompareFileTime
SystemTimeToFileTime
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
SetLastError
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetFileAttributesA
GetSystemDirectoryA
GlobalFree
GlobalAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetSystemTimeAsFileTime
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
MultiByteToWideChar

oleaut32

SysFreeString
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
VariantClear
SafeArrayUnaccessData
GetErrorInfo
VariantCopy
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SafeArrayAccessData
SafeArrayCreate
VariantInit

advapi32

RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ole32

CLSIDFromString
OleRun
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromProgID

user32

GetActiveWindow
MessageBoxA
PeekMessageA
UnregisterClassA
ExitWindowsEx
CharNextA
DestroyWindow
GetParent
GetWindowLongA
DispatchMessageA
MsgWaitForMultipleObjects
EnumWindows
TranslateMessage

shlwapi

UrlGetPartW
UrlGetPartA

shell32

SHFileOperationA

wininet

HttpOpenRequestA
HttpSendRequestA
HttpAddRequestHeadersA
InternetCrackUrlA
InternetOpenA
InternetConnectA
InternetReadFile
InternetCloseHandle
HttpQueryInfoA

cabinet

ord23
ord21
ord20
ord22

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 446KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 823KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

524ffd91354bad1ff45dcb94bc57bcc8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

advapi32

version

ole32

user32

shlwapi

shell32

wininet

cabinet

Exports

Exports

Sections

.text Size: 446KB - Virtual size: 446KB

.data Size: 19KB - Virtual size: 823KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 446KB - Virtual size: 446KB

.data
Size: 19KB - Virtual size: 823KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 38KB - Virtual size: 37KB