270ff1351eabc9962e7dd00934e6f6e0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

270ff1351eabc9962e7dd00934e6f6e0N.exe
Size

2.8MB
MD5

270ff1351eabc9962e7dd00934e6f6e0
SHA1

f04944885e6ff3320090a005982cf554ad6afda5
SHA256

11e0774cac3b949a18dc46edcb1458f87ed19689e1fb8dde070254ab185c7e98
SHA512

ba04535c22f16ed4e3948947f935859471ed92f6f170a3ec5b6e6f4e6fed8a1e7aa8c8f123203b24bad80ed78c360dd291c1115f8a77a9ebc084ac41809ea495
SSDEEP

49152:yV4owkX+iR49FLsNDchocCfHj7KSiJ9szTpQL:k4rLr6dcCfH49szt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
270ff1351eabc9962e7dd00934e6f6e0N.exe

Files

270ff1351eabc9962e7dd00934e6f6e0N.exe
.dll windows:5 windows x86 arch:x86

abeeb8b6e069ee262e28dd11b5afdfb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winspool.drv

SetPortW

msvfw32

ICDraw

wintrust

CryptCATEnumerateAttr

netapi32

NetUserGetGroups
NetShareEnumSticky
NetLocalGroupGetMembers
NetSessionEnum
NetLocalGroupGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeA

comctl32

ImageList_Destroy

winmm

waveInGetDevCapsW
waveInClose
timeKillEvent
auxGetNumDevs
waveOutWrite
waveOutOpen
mmioClose
mmioRead

wininet

InternetQueryOptionW
FindFirstUrlCacheGroup
HttpSendRequestW

clusapi

ClusterRegCloseKey
ClusterResourceEnum

rpcrt4

I_RpcServerRegisterForwardFunction
RpcBindingSetAuthInfoExA
NdrUserMarshalBufferSize
RpcMgmtSetCancelTimeout
RpcEpResolveBinding

opengl32

glTranslatef

oleaut32

BSTR_UserMarshal
VarR4FromDate
VarR4FromStr
VarI2FromR4

gdi32

GetTextExtentPointW
StartPage
BeginPath
GetBoundsRect
GetCurrentObject
GetDIBits
GetGlyphOutlineW
GetMapMode
GetROP2
GetBkMode
SetBkMode
InvertRgn
SetTextAlign
GetObjectW

mscms

DisassociateColorProfileFromDeviceW
GetColorProfileHeader

ws2_32

select

rasapi32

RasEnumAutodialAddressesW
RasEnumConnectionsA

ole32

CoFreeLibrary
CoInitializeSecurity
CoUnmarshalInterface
GetHGlobalFromStream
RegisterDragDrop
HICON_UserUnmarshal

lz32

LZOpenFileW
LZCopy
GetExpandedNameW

setupapi

SetupDiEnumDeviceInfo
SetupGetLineByIndexW
SetupDiClassNameFromGuidExW
CM_Free_Resource_Conflict_Handle
CM_Get_Device_ID_List_Size_ExW
CM_Get_Device_Interface_ListW
SetupGetInfInformationW
CM_Connect_MachineW
SetupDiSetSelectedDevice
SetupDiSetSelectedDriverA
CM_Get_Next_Log_Conf
SetupDiEnumDeviceInterfaces

urlmon

CreateURLMoniker

msacm32

acmStreamUnprepareHeader

user32

DestroyCaret
GetOpenClipboardWindow
CloseClipboard
InSendMessage
GetUpdateRgn
GrayStringW
WaitMessage
SetCaretPos
IsClipboardFormatAvailable
CreateWindowExA
IsCharUpperW
DlgDirSelectExA
GetThreadDesktop
OpenInputDesktop
ShowWindow
VkKeyScanExW
DlgDirSelectComboBoxExA
EnumDisplayMonitors
CreateDialogParamW
ScreenToClient
GetDoubleClickTime
DrawFrameControl
GetCursor
ShowScrollBar
ValidateRgn
EnableScrollBar
VkKeyScanA
GetLastInputInfo

esent

JetMakeKey
JetMove

advapi32

GetOldestEventLogRecord
OpenBackupEventLogW
RegSaveKeyA
GetLengthSid
SaferComputeTokenFromLevel
OpenServiceW
SetKernelObjectSecurity
AllocateLocallyUniqueId
RegSetValueA
ClearEventLogA
CryptReleaseContext
RegNotifyChangeKeyValue
ChangeServiceConfigW
GetSidIdentifierAuthority
CryptGenKey
GetUserNameW
SetSecurityDescriptorControl
CryptExportKey
DuplicateTokenEx
GetServiceDisplayNameW

crypt32

CryptSignMessage
CryptRegisterDefaultOIDFunction
CertAddStoreToCollection
CertCreateContext
CryptSignAndEncodeCertificate
CertVerifyValidityNesting
CryptMsgClose
CertDuplicateStore
PFXImportCertStore

mprapi

MprAdminInterfaceSetCredentials
MprAdminInterfaceTransportSetInfo
MprAdminMIBServerDisconnect
MprConfigInterfaceDelete
MprAdminConnectionGetInfo

shell32

SHOpenFolderAndSelectItems
DuplicateIcon
DragFinish

imm32

ImmEscapeW

secur32

FreeContextBuffer
QueryContextAttributesW
QueryCredentialsAttributesW
QuerySecurityPackageInfoW

shlwapi

PathIsUNCServerShareW
StrFormatByteSizeA
wvnsprintfW
StrChrIA
AssocIsDangerous
PathFileExistsA
StrStrW
SHGetValueW
StrCpyNW
StrStrIA

kernel32

LoadLibraryA
GetConsoleCP
CreateFileA
HeapReAlloc
VirtualAlloc
WriteConsoleW
GetUserGeoID
GetLogicalDrives
ClearCommBreak
EnterCriticalSection
VirtualFree
WriteFile
HeapAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
ReadFile
GetLocaleInfoA
GetConsoleOutputCP
WriteConsoleA
ExitProcess
Sleep
GetStringTypeW
GetStringTypeA
GetConsoleMode
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
DeleteCriticalSection
GetStdHandle
LeaveCriticalSection
GetLastError
GetCurrentThreadId
SetLastError
TlsGetValue
GetProcAddress
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
GetCPInfo
CreatePipe
GetBinaryTypeA
GetModuleFileNameA
GetModuleFileNameW
CloseHandle
OutputDebugStringA
GetModuleHandleA
FileTimeToDosDateTime
PostQueuedCompletionStatus
WriteFileEx
SetHandleInformation
GlobalHandle
GenerateConsoleCtrlEvent
SetFilePointer
SetStdHandle
HeapFree
OpenMutexW
ExpandEnvironmentStringsW
IsWow64Process
LoadLibraryExW
GetTempFileNameA
GetTimeZoneInformation
IsBadStringPtrA
ReadConsoleA
GetSystemTimeAdjustment
DeleteFiber
WritePrivateProfileStructA
SetProcessShutdownParameters
LCMapStringW
GetDefaultCommConfigA
Process32FirstW
TlsSetValue
HeapCreate
WaitNamedPipeA

winscard

SCardReleaseContext
SCardGetCardTypeProviderNameW
SCardIntroduceCardTypeW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 220KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abeeb8b6e069ee262e28dd11b5afdfb8

Headers

DLL Characteristics

File Characteristics

Imports

winspool.drv

msvfw32

wintrust

netapi32

version

comctl32

winmm

wininet

clusapi

rpcrt4

opengl32

oleaut32

gdi32

mscms

ws2_32

rasapi32

ole32

lz32

setupapi

urlmon

msacm32

user32

esent

advapi32

crypt32

mprapi

shell32

imm32

secur32

shlwapi

kernel32

winscard

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.qdata Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 220KB - Virtual size: 229KB

.rsrc Size: 4KB - Virtual size: 1024B

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.qdata
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 220KB - Virtual size: 229KB

.rsrc
Size: 4KB - Virtual size: 1024B

.reloc
Size: 44KB - Virtual size: 43KB