0b73363f70be4baa26d0c5fc79dc96f0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0b73363f70be4baa26d0c5fc79dc96f0N.exe
Size

89KB
MD5

0b73363f70be4baa26d0c5fc79dc96f0
SHA1

0f0c5468ebef8c7e0cc5eb7888c92a09e934540c
SHA256

4b3e545f645150376296091f642c8592b832102d6a64893d4b3e29e7d691d0e7
SHA512

ef115668381bf86fccda48d0f59bede00d0384a9a713e529b155fbba7924f11e1c430a4392c80e8db6e089c4e961f4f68688d5c0fb695378d73b4a9579a88b86
SSDEEP

1536:orBEF28K/al4rsc2bVg3q5wH/8OcB8y+PxCYK3XqVrJKiwcB0+ZX1/:AJ8fl4rsHg6eHEO9ymK3aVrJbbB0+ZF/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b73363f70be4baa26d0c5fc79dc96f0N.exe

Files

0b73363f70be4baa26d0c5fc79dc96f0N.exe
.dll windows:6 windows x86 arch:x86

0448a5b611a93c3a406445e487f564c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\hgwork\spike10\Win32\Release\import\alphamed.pdb

Imports

mfc140u

ord8965
ord12172
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord13703
ord5935
ord2682
ord12124
ord3941
ord3372
ord3371
ord3265
ord12168
ord5249
ord5549
ord5760
ord9350
ord5525
ord5790
ord14588
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10255
ord9210
ord6531
ord11015
ord5427
ord5422
ord4477
ord2766
ord1687
ord1525
ord13473
ord10472
ord7493
ord458
ord8361
ord12922
ord8759
ord8758
ord14413
ord14419
ord14407
ord4743
ord4666
ord12765
ord2997
ord1533
ord1530
ord310
ord8183
ord5118
ord5922
ord11936
ord305
ord3838
ord3010
ord12089
ord9139
ord11726
ord11725
ord5652
ord10288
ord265
ord1111
ord4092
ord2385
ord2389
ord10284
ord10286
ord10287
ord10285
ord266
ord1653
ord14785
ord2760
ord1511
ord14410
ord14416
ord5074
ord12131
ord9040
ord11396
ord3404
ord3403
ord3164
ord6218
ord13752
ord300
ord316
ord12560
ord3305
ord5885
ord3302
ord5111
ord5252
ord8210
ord1654
ord4323
ord12559
ord5109
ord12921
ord8757
ord2996
ord286
ord2374
ord485
ord2268
ord8360
ord8719
ord12884
ord1692
ord1689
ord8182
ord1046
ord6967
ord5921
ord285
ord3009
ord280
ord5884
ord1523
ord2304
ord2477
ord4815
ord1045
ord296
ord1513

kernel32

GetLastError
WideCharToMultiByte
CreateFileW
CloseHandle
GetFileSizeEx
OutputDebugStringW
SetFilePointerEx
ReadFile
GetFinalPathNameByHandleW
GetFileTime
FileTimeToSystemTime
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetProcAddress
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar

user32

EnableWindow
SendMessageW

msvcp140

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exceptions@std@@YAHXZ

vcruntime140

__std_terminate
__std_exception_copy
__std_exception_destroy
_purecall
memset
_except_handler4_common
__std_type_info_destroy_list
memmove
_CxxThrowException
memcpy
memchr
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_seh_filter_dll
_configure_narrow_argv
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-string-l1-1-0

strncpy_s
strcpy_s
_stricmp

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32

api-ms-win-crt-time-l1-1-0

_mktime64
_wctime64_s
_wstrdate_s
_ctime64_s

api-ms-win-crt-convert-l1-1-0

atof
atoi
atol
_wtoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-math-l1-1-0

floor
_CIfmod

Exports

Exports

FCCloseSource
FCGetChanData
FCGetChanInfo
FCGetFileInfo
FCGetFileTypes
FCGetTypeStrings
FCGetVersion
FCOpenSource
FCStringPars

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0448a5b611a93c3a406445e487f564c6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140u

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 4KB