9449af6c62352aed67defdeed86a6e30N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

9449af6c62352aed67defdeed86a6e30N.exe
Size

504KB
MD5

9449af6c62352aed67defdeed86a6e30
SHA1

527855f460ea97a2de019e3c1fc2e1fbff721f84
SHA256

6e4db5b2d88a66eadcd7e3215bc7c44637850e6acf6b035c78fe862ca6bcbeb9
SHA512

c0654208a2c4bc7331bee851a3a8163c1799353b45fc02f5f57516acfd6ec110f63144a8e904c52fd7dc30011ce8365f0733f34ec1fb1b44cd2e3c056ae41e56
SSDEEP

12288:4YXxN4U0gtWdfuS1oMOQd1awgLzcRUfpMiqO2x2lOA:vB6NX9uS1oMOEEwyImJqO2x2lO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9449af6c62352aed67defdeed86a6e30N.exe

Files

9449af6c62352aed67defdeed86a6e30N.exe
.exe windows:4 windows x86 arch:x86

470d426cc561de6ef9098d9342682f30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

VirtualAlloc
CompareStringA
QueryPerformanceCounter
lstrcmpW
GetEnvironmentStrings
GetStringTypeW
TlsAlloc
GetSystemTimeAsFileTime
GetSystemTime
LeaveCriticalSection
InterlockedExchange
SetHandleCount
GetTickCount
SetLastError
TlsFree
InterlockedIncrement
SetFilePointer
UnhandledExceptionFilter
CreateMutexA
HeapDestroy
HeapAlloc
HeapCreate
lstrcpyA
IsBadWritePtr
TerminateProcess
GetCurrentThreadId
InitializeCriticalSection
GetTimeZoneInformation
GetModuleFileNameA
GetFileType
ExitProcess
VirtualFree
RtlUnwind
VirtualQuery
LoadLibraryA
GetCurrentProcess
GetACP
GetOEMCP
TlsGetValue
LCMapStringW
GlobalAddAtomA
GetLastError
FlushFileBuffers
GetEnvironmentStringsW
GetLocalTime
SetStdHandle
GetStdHandle
ReadFile
OpenMutexA
GetCurrentThread
GetCommandLineA
GetStartupInfoA
CompareStringW
GetModuleHandleA
CloseHandle
EnterCriticalSection
InterlockedDecrement
SetEnvironmentVariableA
WideCharToMultiByte
DeleteCriticalSection
TlsSetValue
GetVersion
WriteFile
HeapFree
FreeEnvironmentStringsA
GetProcAddress
HeapReAlloc
Sleep
MultiByteToWideChar
LCMapStringA
GetStringTypeA
GetCPInfo
FreeEnvironmentStringsW
GetCurrentProcessId

user32

GetSysColorBrush
RegisterClassExA
RegisterClassA
GetMenuStringW
SetParent
DdeAbandonTransaction
SendInput

advapi32

LookupPrivilegeValueA

wininet

GetUrlCacheHeaderData
InternetReadFile
GopherCreateLocatorW
RetrieveUrlCacheEntryStreamW
HttpAddRequestHeadersA

Sections

.text
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

470d426cc561de6ef9098d9342682f30

Headers

File Characteristics

Imports

comctl32

kernel32

user32

advapi32

wininet

Sections

.text Size: 322KB - Virtual size: 321KB

.rdata Size: 60KB - Virtual size: 86KB

.data Size: 103KB - Virtual size: 103KB

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 322KB - Virtual size: 321KB

.rdata
Size: 60KB - Virtual size: 86KB

.data
Size: 103KB - Virtual size: 103KB

.rsrc
Size: 17KB - Virtual size: 17KB