5c1d45435c1b0ef7f1a4386a5da7ec30N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5c1d45435c1b0ef7f1a4386a5da7ec30N.exe
Size

976KB
MD5

5c1d45435c1b0ef7f1a4386a5da7ec30
SHA1

fbb237a9fa035e508852fbfcac0aeb37b4f6e5e0
SHA256

b8717c7b95776ac7269c4acdad10fbc936da1e238d025fa7c256df594a44c3de
SHA512

0f6f3465e13ac3e94f6744cc7b43a9682c2b08a326d86f90bf8f3ab12fc247c9e480fa004710daa3afa3a4338577b953fe3724b651bca8b088ae6ce375275e43
SSDEEP

24576:+d5CC/UieOpMqtuQ93bBH/vZrEH7u+OsZVOX:+zT3bB/H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c1d45435c1b0ef7f1a4386a5da7ec30N.exe

Files

5c1d45435c1b0ef7f1a4386a5da7ec30N.exe
.dll windows:4 windows x86 arch:x86

0215ce06942f2a23c304c25d18dedee7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\MRP\MRP\ScanPartition\release\ScanPartition.pdb

Imports

ntdll

strstr
ZwOpenDirectoryObject
ZwQueryDirectoryObject
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
_wcslwr
_wtoi
NtUnloadDriver
NtLoadDriver
ZwQueryVolumeInformationFile
_wcsnicmp
_wcsicmp
RtlInitUnicodeString
ZwCreateFile
ZwClose
wcsncmp
wcstombs
_allshl
wcsstr
mbstowcs
wcsncpy
_allrem
_alldiv
memcpy
_aullrem
_chkstk
_aulldiv
_allmul
memset
strrchr
atoi
strncat
sprintf
strchr
strncmp
isspace
vsprintf
strncpy

kernel32

InterlockedExchange
Sleep
InterlockedCompareExchange
GetCurrentProcess
UnhandledExceptionFilter
TerminateThread
GetExitCodeProcess
CreatePipe
SetHandleInformation
CreateProcessW
OpenFileMappingW
OpenEventW
MapViewOfFile
SetEvent
UnmapViewOfFile
DeviceIoControl
SetFilePointer
CreateFileA
CloseHandle
GetLastError
WriteFile
ReadFile
FlushFileBuffers
GetDiskFreeSpaceExA
LocalFree
GetFileSize
FormatMessageA
CreateFileW
GetVersionExW
GetTickCount
WideCharToMultiByte
GetLocalTime
MultiByteToWideChar
VirtualFree
VirtualAlloc
GlobalMemoryStatusEx
SystemTimeToFileTime
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetVolumeMountPointW
DeleteVolumeMountPointW
TerminateProcess
GetVolumeNameForVolumeMountPointW
GetSystemWindowsDirectoryW
GetFileAttributesW
GetModuleFileNameA
CreateDirectoryA
OutputDebugStringA
WaitForSingleObject

msvcr80

_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
memmove_s
__dllonexit
_lock
_onexit
_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
_CxxThrowException
_beginthreadex
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
memcpy_s
??3@YAXPAX@Z
__CxxFrameHandler3
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??2@YAPAXI@Z
_errno
printf
_invalid_parameter_noinfo
free
malloc
exit
_strdup
_vswprintf
wcscpy_s
wcsncpy_s
_swprintf
_unlock

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

advapi32

RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegUnLoadKeyW
RegLoadKeyW

Exports

Exports

DeleteDiskList
DeletePartList
ExitSearch
GetDiskCurPartList
InitDiskList
PartStructure
SearchCancel
SearchLosePartition
TestStructure
WriteMBR
vsnprintf

Sections

.text
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0215ce06942f2a23c304c25d18dedee7

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

msvcr80

msvcp80

advapi32

Exports

Exports

Sections

.text Size: 394KB - Virtual size: 393KB

.rdata Size: 481KB - Virtual size: 481KB

.data Size: 4KB - Virtual size: 46KB

.rsrc Size: 512B - Virtual size: 428B

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 394KB - Virtual size: 393KB

.rdata
Size: 481KB - Virtual size: 481KB

.data
Size: 4KB - Virtual size: 46KB

.rsrc
Size: 512B - Virtual size: 428B

.reloc
Size: 19KB - Virtual size: 19KB