542710368fac23c78b5193964bd12150N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

542710368fac23c78b5193964bd12150N.exe
Size

2.1MB
MD5

542710368fac23c78b5193964bd12150
SHA1

5d2d8bdf241f6dc8ced5c27ea6732ca4e1b2ca7f
SHA256

a411cae69f19da6d9a6f0adbeb860349ea8a6102edda39b6659eb7aca7f71fc0
SHA512

8eed001ec1086f154f2ececbb507527cc87d3f7cb0e180ba2f987ca427176b4ebe38ef558f89e8056cde4cef14fd06a3e97a94917f1d1051caaf77a2217d9850
SSDEEP

49152:vy+csXF34veqH/u7ERPPvvNFL8uhLn4HlqOWz0bPQvpXJIKn:Gsom+/uwRPPNd+qOWzkQvpXPn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
542710368fac23c78b5193964bd12150N.exe

Files

542710368fac23c78b5193964bd12150N.exe
.dll windows:5 windows x86 arch:x86

2464f39afd9d91a7e44ca9cdaa7f5df4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetGuideLineW

ws2_32

gethostbyname

netapi32

NetApiBufferFree
NetLocalGroupAddMember
NetLocalGroupGetMembers
NetUserGetGroups
NetLocalGroupGetInfo

lz32

LZSeek
GetExpandedNameW
LZOpenFileW

ole32

CreateILockBytesOnHGlobal
OleCreateFromData
CoRegisterInitializeSpy
CLSIDFromProgID
OleGetIconOfClass
CoDisconnectObject

gdi32

BeginPath
GetPath
GetMiterLimit
GetCurrentObject
SetTextAlign
GetEnhMetaFileDescriptionA
ExtSelectClipRgn
DeleteEnhMetaFile
GetKerningPairsA
InvertRgn
RemoveFontResourceExW
GetOutlineTextMetricsA
GetDeviceGammaRamp

winmm

midiInPrepareHeader
mixerGetLineControlsW
waveOutWrite
waveInStart
mixerSetControlDetails
midiOutPrepareHeader
timeSetEvent
mixerGetLineControlsA
mmioGetInfo

rasapi32

RasGetCustomAuthDataW
RasSetCredentialsW

wininet

ReadUrlCacheEntryStream
CreateUrlCacheEntryW
CreateUrlCacheEntryA

urlmon

CoGetClassObjectFromURL

version

GetFileVersionInfoSizeA

msacm32

acmStreamUnprepareHeader

oleaut32

CreateTypeLi
SafeArrayPutElement
VarBstrFromDate
VarCyFromDate

comctl32

ImageList_AddMasked

msvfw32

ICOpen

secur32

FreeCredentialsHandle
TranslateNameW
GetComputerObjectNameW
FreeContextBuffer

opengl32

glPushAttrib

shell32

SHGetFolderPathW
SHGetFolderPathA
ShellAboutA

winscard

g_rgSCardRawPci
SCardConnectA
SCardForgetCardTypeW

user32

FillRect
ShowWindow
GetActiveWindow
DlgDirSelectExA
GetCursor
GetClassInfoExA
ExcludeUpdateRgn
KillTimer
DeleteMenu
GetClassWord
InternalGetWindowText
SetUserObjectSecurity
MonitorFromWindow
SetClassWord
EnumDisplayDevicesW
CreateAcceleratorTableW
GetUpdateRgn
PrivateExtractIconsW
OpenInputDesktop
GetClassNameA
GetDoubleClickTime
VkKeyScanA
DragObject
EnableScrollBar
GrayStringW
WindowFromDC
GetProcessWindowStation
DrawMenuBar

winspool.drv

SetPortW

rpcrt4

RpcBindingServerFromClient
RpcMgmtInqServerPrincNameW
I_RpcSendReceive
RpcMgmtSetCancelTimeout
RpcServerRegisterIf2

setupapi

SetupDiLoadClassIcon
CMP_WaitNoPendingInstallEvents
SetupGetFieldCount
SetupDiDestroyClassImageList
SetupDiSetSelectedDevice
CM_Set_HW_Prof_Flags_ExW
SetupLogErrorA
SetupSetPlatformPathOverrideW
SetupDiInstallDriverFiles
CM_Get_DevNode_Custom_PropertyW
SetupSetFileQueueAlternatePlatformW
CM_Get_Device_ID_ListW
SetupDiEnumDeviceInfo

mscms

GetStandardColorSpaceProfileW
CloseColorProfile

clusapi

ClusterRegOpenKey
ClusterRegCreateKey

wintrust

WintrustRemoveActionID

esent

JetGetBookmark
JetMove

crypt32

PFXImportCertStore
CertFreeCTLContext
CryptRegisterDefaultOIDFunction
CryptMemFree
CryptSignAndEncodeCertificate
PFXVerifyPassword
CryptSignMessage
CryptMsgClose

advapi32

RegEnumKeyW
RegSaveKeyA
CryptReleaseContext
BuildSecurityDescriptorW
RegReplaceKeyW
RegisterEventSourceW
IsTokenRestricted
StartServiceA
ImpersonateNamedPipeClient
StartServiceCtrlDispatcherA
AbortSystemShutdownW
OpenThreadToken
MakeAbsoluteSD
GetCurrentHwProfileW
GetAuditedPermissionsFromAclW
GetWindowsAccountDomainSid
RegSaveKeyExW
GetTrusteeNameW
LogonUserA
RegSetKeySecurity

shlwapi

PathCanonicalizeW
StrRetToBufA
StrStrIA
StrCmpNIA
StrCpyNW
StrChrIW
PathCreateFromUrlW
SHRegGetValueW
StrToInt64ExW
StrStrNIW
PathUnquoteSpacesW
SHRegDeleteUSValueW

kernel32

GetStringTypeA
SetLastError
TlsGetValue
GetProcAddress
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetSystemTimeAsFileTime
CreatePipe
GetBinaryTypeA
GetModuleFileNameA
GetModuleFileNameW
CloseHandle
OutputDebugStringA
GetModuleHandleA
IsDBCSLeadByte
SetFileApisToOEM
SetWaitableTimer
WritePrivateProfileSectionW
EnterCriticalSection
SetStdHandle
FindActCtxSectionStringW
SetEndOfFile
GetConsoleWindow
FindFirstChangeNotificationW
CreateTimerQueue
GetPrivateProfileSectionA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
HeapReAlloc
VirtualAlloc
VirtualFree
WriteFile
HeapAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
ReadFile
GetCommTimeouts
LoadLibraryExW
SetThreadIdealProcessor
ContinueDebugEvent
SetSystemTime
GetNamedPipeInfo
WaitNamedPipeA
DosDateTimeToFileTime
GetLocaleInfoA
ExitProcess
Sleep
HeapFree
GetModuleHandleExW
SetConsoleScreenBufferSize
VirtualUnlock
GetStringTypeW
GetCurrentThreadId
LCMapStringW
WideCharToMultiByte
LCMapStringA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
MultiByteToWideChar
GetVolumeInformationA
OpenMutexW
CommConfigDialogA
CompareFileTime
ReadConsoleA
TlsSetValue
Process32FirstW
FindNextVolumeW
GetLastError

mprapi

MprAdminConnectionEnum
MprAdminMIBServerDisconnect
MprConfigBufferFree
MprConfigServerConnect
MprInfoDuplicate

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 852KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2464f39afd9d91a7e44ca9cdaa7f5df4

Headers

DLL Characteristics

File Characteristics

Imports

imm32

ws2_32

netapi32

lz32

ole32

gdi32

winmm

rasapi32

wininet

urlmon

version

msacm32

oleaut32

comctl32

msvfw32

secur32

opengl32

shell32

winscard

user32

winspool.drv

rpcrt4

setupapi

mscms

clusapi

wintrust

esent

crypt32

advapi32

shlwapi

kernel32

mprapi

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.qdata Size: 852KB - Virtual size: 850KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 92KB - Virtual size: 99KB

.rsrc Size: 4KB - Virtual size: 1024B

.reloc Size: 24KB - Virtual size: 22KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.qdata
Size: 852KB - Virtual size: 850KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 92KB - Virtual size: 99KB

.rsrc
Size: 4KB - Virtual size: 1024B

.reloc
Size: 24KB - Virtual size: 22KB