50230c08f5837700d65585911702f040N[.]exe

General

Target

50230c08f5837700d65585911702f040N.exe
Size

280KB
MD5

50230c08f5837700d65585911702f040
SHA1

0139423e1248281b0aaa5d5f659b3ba1edb498e5
SHA256

deadeb1af0bb9d6b8703d7f65f5196de450d51c875925700c85601dba0aa9f68
SHA512

43faa22a913f4474d7136a81e781da9a69fede09431be55f5b6bdffa2aebd60d9c68ce5ad19669e7b84dc43154dcdeb481e45a5482692a076180c7f9fb93456b
SSDEEP

6144:nqnE8zroFHae7Gyi62/TfXoipbu/djkFCaQkJt0zj3icEPunu+j7VloK0zu5:qnE8zroFN7hPADX/cFjeCaQstELicEPM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50230c08f5837700d65585911702f040N.exe

Files

50230c08f5837700d65585911702f040N.exe
.exe windows:4 windows x86 arch:x86

3771ebde487f41eacf80f414224f74f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
CreateRemoteThread
WaitForDebugEvent
SetStdHandle
RtlUnwind
LeaveCriticalSection
GetEnvironmentVariableW
GetCurrentProcess
GetVersion
VirtualAlloc
TlsSetValue
WriteFile
HeapReAlloc
GetModuleFileNameW
GetEnvironmentVariableA
GetLastError
FreeEnvironmentStringsA
InterlockedExchange
GetModuleFileNameA
GetCommandLineA
IsBadWritePtr
ExitProcess
GetEnvironmentStrings
InitializeCriticalSection
SetLastError
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
HeapCreate
EnterCriticalSection
TlsGetValue
QueryPerformanceCounter
FindFirstFileA
UnhandledExceptionFilter
GetFileAttributesA
VirtualQuery
GetCurrentThreadId
DeleteCriticalSection
HeapAlloc
GetStartupInfoW
HeapFree
GetTempPathA
TerminateProcess
GetCurrentProcessId
FoldStringA
MultiByteToWideChar
HeapDestroy
LockFileEx
TlsFree
CreateSemaphoreW
GetEnvironmentStringsW
SetHandleCount
FreeEnvironmentStringsW
VirtualFree
GetStartupInfoA
SetLocaleInfoA
GetMailslotInfo
GetModuleHandleA
SetTimeZoneInformation
GetCurrentThread
FindNextChangeNotification
GetPrivateProfileIntA
GetStdHandle
GetCurrencyFormatA
CreateSemaphoreA
GetPrivateProfileStringA
TlsAlloc
GetProcAddress
GetFileType

advapi32

CryptDestroyHash
RegCreateKeyA
RegCreateKeyExW
InitiateSystemShutdownW
RegSaveKeyW
CryptEnumProviderTypesW
CryptVerifySignatureA
RegEnumKeyExA
LookupPrivilegeValueW
ReportEventA
RegSetValueExA
CryptGetProvParam
CryptDuplicateHash
StartServiceA
LookupAccountSidA

gdi32

FlattenPath

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3771ebde487f41eacf80f414224f74f9

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

Sections

.text Size: 138KB - Virtual size: 138KB

.data Size: 133KB - Virtual size: 133KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 138KB - Virtual size: 138KB

.data
Size: 133KB - Virtual size: 133KB

.rsrc
Size: 7KB - Virtual size: 6KB