9891312c4b41fc564932fd1249e36b50N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

9891312c4b41fc564932fd1249e36b50N.exe
Size

442KB
MD5

9891312c4b41fc564932fd1249e36b50
SHA1

d14dd890347d39eb18816c3374a74bbf88a12fed
SHA256

27e95644f5857a838b9b25a3661af1496e4e85b80bfc741bc25e61f06bbd2295
SHA512

3846a809ebfaedbf58ac79b91f542baa85c2621bf5c52cdee86337c32e5037c87094175d14707be9fd66eab69ff704ec970bca24e1d7c9cedb14ee4c015d313d
SSDEEP

12288:9+dUs1V3NJY+DzgxyH3q6dT3YGeWJ9W7reF:9INNrzg+VT3mWJ9WA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9891312c4b41fc564932fd1249e36b50N.exe

Files

9891312c4b41fc564932fd1249e36b50N.exe
.exe windows:4 windows x86 arch:x86

737d47a3015f4fbb5b2ee03a76a17832

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

StartServiceA
LookupPrivilegeNameA
CryptEnumProviderTypesA
RegLoadKeyA
RegCreateKeyExW
CryptDestroyKey
InitiateSystemShutdownW
LookupPrivilegeValueA
CryptHashSessionKey
RegSetValueW
CryptSetProvParam
CryptAcquireContextA
CryptSignHashA
LookupAccountNameA

comdlg32

ChooseFontW
ReplaceTextA
GetOpenFileNameW
FindTextW
GetFileTitleW
GetOpenFileNameA
ChooseColorA

user32

DdeUninitialize
IsCharAlphaW
InsertMenuItemW
SetWindowsHookA
GetClassLongW
EnableWindow
GetWindowTextA
DrawFrameControl
SystemParametersInfoW
GetClipboardSequenceNumber
CallMsgFilterW
EnumDisplaySettingsExW
GetDC
DdeKeepStringHandle
GetUpdateRect
SetActiveWindow
SetFocus
SetThreadDesktop
IsCharAlphaNumericA
SetWindowLongW
DdeGetLastError

shell32

InternalExtractIconListA
ExtractAssociatedIconA
SHGetDataFromIDListA
SHFileOperationA
DragFinish
SHQueryRecycleBinA
SHGetFileInfoW
SheGetDirA
SHInvokePrinterCommandW
RealShellExecuteW
RealShellExecuteExW
SHEmptyRecycleBinA
CheckEscapesW
SHFreeNameMappings
ExtractIconW
InternalExtractIconListW
DoEnvironmentSubstA
SHGetFileInfoA
SHGetDataFromIDListW
DoEnvironmentSubstW
FreeIconList

kernel32

GetModuleHandleA
TlsSetValue
SetHandleCount
EnterCriticalSection
GetLastError
RtlUnwind
GetStartupInfoA
HeapCreate
GetModuleFileNameA
GetCurrentThreadId
GetProcAddress
HeapReAlloc
GetModuleFileNameW
VirtualAlloc
GlobalGetAtomNameW
TlsGetValue
SetConsoleTitleW
TlsAlloc
GetCurrentProcess
InterlockedExchange
VirtualQuery
WritePrivateProfileStringW
FreeEnvironmentStringsW
InitializeCriticalSection
GetCurrentThread
HeapFree
GetEnvironmentStrings
GetFileType
TlsFree
IsBadWritePtr
GetStartupInfoW
ExitProcess
HeapAlloc
GetCommandLineW
HeapDestroy
GetCommandLineA
GetCurrentProcessId
MultiByteToWideChar
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
UnhandledExceptionFilter
VirtualFree
LeaveCriticalSection
LoadLibraryA
FreeEnvironmentStringsA
GetStdHandle
GetSystemTimeAsFileTime
TerminateProcess
GetVersion
SetLastError
WriteFile
GetEnvironmentStringsW

wininet

RetrieveUrlCacheEntryStreamW
IsUrlCacheEntryExpiredA

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

737d47a3015f4fbb5b2ee03a76a17832

Headers

File Characteristics

Imports

advapi32

comdlg32

user32

shell32

kernel32

wininet

Sections

.text Size: 126KB - Virtual size: 125KB

.data Size: 302KB - Virtual size: 302KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 126KB - Virtual size: 125KB

.data
Size: 302KB - Virtual size: 302KB

.rsrc
Size: 12KB - Virtual size: 12KB