491035051107eb8bbec5dc37ec401990N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

491035051107eb8bbec5dc37ec401990N.exe
Size

250KB
MD5

491035051107eb8bbec5dc37ec401990
SHA1

c473c9d53e9f81f0bfa02a77f097f65546db9caf
SHA256

bbfd14645f9e486d4e4dfbde44d4744e602eb476eefe16fa80786de513845558
SHA512

9df3dde6c60e413c7f69dd759b3fa5c6dd3ce3dbca57de2ed71b06c3e70fb45539b05ba07db2552ff2f59145a9f0d8b75eaa38dfe3c1d2a597194f765dfccfb2
SSDEEP

6144:iXdANDyzcwzPCMbvA8wme14706FLmPgB7KO:+aNQz3EDme1s9JAO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
491035051107eb8bbec5dc37ec401990N.exe

Files

491035051107eb8bbec5dc37ec401990N.exe
.exe windows:4 windows x86 arch:x86

ba31dac4af0a6d032722e5e55f38a975

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FtpRemoveDirectoryW
DeleteIE3Cache
SetUrlCacheEntryGroup
CreateUrlCacheEntryW

advapi32

LogonUserW
RegDeleteKeyA
RegSetValueExW
InitiateSystemShutdownW
CryptDestroyKey
RegOpenKeyExA
CryptDeriveKey
CryptSetProviderW
RegConnectRegistryW
RegNotifyChangeKeyValue
RegQueryValueW
CryptEncrypt
LookupPrivilegeDisplayNameW

user32

AnyPopup
SetUserObjectSecurity
SetMenuItemInfoW
IntersectRect
RegisterClassExA
GetNextDlgGroupItem
RegisterDeviceNotificationA
ScrollDC
LoadAcceleratorsA
IsClipboardFormatAvailable
DdeAbandonTransaction
KillTimer
DdeUninitialize

gdi32

CreateEnhMetaFileA
Polygon
AddFontResourceW
CreateDIBSection
CreateCompatibleBitmap
GetPixel
EndPath
CreateFontIndirectW
DeleteMetaFile
CloseFigure
EnumICMProfilesW
DeleteObject
PlayMetaFileRecord
GetViewportOrgEx
Pie
GetBkMode
SetAbortProc

kernel32

GetCurrentThread
GetProcessHeap
GetStringTypeA
HeapReAlloc
TlsFree
SetEnvironmentVariableA
TlsSetValue
EnterCriticalSection
GetEnvironmentStringsW
HeapDestroy
EnumSystemLocalesA
TlsGetValue
GetPrivateProfileStringA
GetModuleFileNameA
HeapFree
FreeEnvironmentStringsA
HeapAlloc
InterlockedIncrement
TerminateProcess
RtlUnwind
UnhandledExceptionFilter
GetTimeZoneInformation
GetProcAddress
GetDateFormatA
WriteConsoleOutputW
GetStdHandle
HeapCreate
GetEnvironmentStrings
GetTickCount
GetOEMCP
GetStartupInfoA
SetLastError
GetUserDefaultLCID
InitializeCriticalSection
GetSystemTimeAsFileTime
IsValidCodePage
GetStringTypeW
CompareStringA
GetVersionExA
LCMapStringA
GetLocaleInfoA
DeleteCriticalSection
GetCPInfo
QueryPerformanceCounter
ExitProcess
VirtualFree
LeaveCriticalSection
TlsAlloc
GetFileType
WideCharToMultiByte
SetConsoleCtrlHandler
MultiByteToWideChar
IsDebuggerPresent
IsValidLocale
GetCurrentProcessId
GetACP
SetHandleCount
GetModuleHandleA
GetLastError
GetCurrentProcess
GetLocaleInfoW
InterlockedDecrement
InterlockedExchange
HeapSize
GetCommandLineA
LoadLibraryA
VirtualQuery
FreeEnvironmentStringsW
CompareStringW
Sleep
GlobalLock
CreateFileW
GetCurrentThreadId
GetShortPathNameW
SetUnhandledExceptionFilter
FreeLibrary
GetTimeFormatA
VirtualAlloc
WriteFile
LCMapStringW
GetDiskFreeSpaceW

shell32

InternalExtractIconListA

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba31dac4af0a6d032722e5e55f38a975

Headers

File Characteristics

Imports

wininet

advapi32

user32

gdi32

kernel32

shell32

Sections

.text Size: 119KB - Virtual size: 118KB

.rdata Size: 9KB - Virtual size: 34KB

.data Size: 111KB - Virtual size: 110KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 119KB - Virtual size: 118KB

.rdata
Size: 9KB - Virtual size: 34KB

.data
Size: 111KB - Virtual size: 110KB

.rsrc
Size: 10KB - Virtual size: 10KB