9cb774a74d2eca04f87a4e1eff097100N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

9cb774a74d2eca04f87a4e1eff097100N.exe
Size

533KB
MD5

9cb774a74d2eca04f87a4e1eff097100
SHA1

12c738ef1cef5902004d9a46f5fd727eede0d8bd
SHA256

97ee763468595a9b5359a19f5ddc3432de44c83f21f7d14fea675c00f8217d87
SHA512

77371f9f2e5be5f13cdd384e0af30c3b23bd2a0940417afa4309fb3c81313c00db6352ac57fc7298209c031ef9532371b77f7cbe70ff3e84f12365242fcfa856
SSDEEP

12288:R7F16x/dPzl+UghNgQhv2iFdJJ5+bALCtqMgab6o:RxgV1ghNgQhvv5LLCkMgaOo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9cb774a74d2eca04f87a4e1eff097100N.exe

Files

9cb774a74d2eca04f87a4e1eff097100N.exe
.exe windows:4 windows x86 arch:x86

a7815801c41293e2a6df5efadfe47371

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\srkyzte\esss\oin.pdb

Imports

gdi32

GetDeviceCaps
DeleteDC
PlgBlt
CreateDCW
ExtCreatePen

kernel32

InitializeCriticalSectionAndSpinCount
WriteFile
HeapDestroy
HeapFree
FreeEnvironmentStringsW
TerminateProcess
LeaveCriticalSection
SetLastError
DeleteCriticalSection
TlsGetValue
CreateFileA
SetComputerNameA
GetStringTypeW
GetStringTypeA
WideCharToMultiByte
GetOEMCP
GetConsoleCP
GetModuleHandleW
IsBadWritePtr
GetConsoleTitleW
GetConsoleMode
GetDateFormatA
GlobalDeleteAtom
GetModuleFileNameA
WriteConsoleA
TlsFree
VirtualQuery
GetCPInfo
IsDebuggerPresent
ReadFile
HeapReAlloc
GetSystemTimeAsFileTime
GetTimeFormatA
LoadLibraryA
OpenFileMappingW
OpenMutexA
GetPrivateProfileStringA
SetStdHandle
WriteProfileStringA
TlsAlloc
GetConsoleOutputCP
UnhandledExceptionFilter
GetProcAddress
SetUnhandledExceptionFilter
VirtualAlloc
FreeLibrary
GetUserDefaultLCID
FlushFileBuffers
GetCommandLineA
CreateMutexA
EnterCriticalSection
InterlockedIncrement
GetCurrentThreadId
LCMapStringA
LCMapStringW
EnumSystemCodePagesW
HeapSize
MultiByteToWideChar
GlobalAddAtomA
GetStartupInfoA
GetTickCount
GetModuleHandleA
SetHandleCount
InterlockedDecrement
CompareStringA
TlsSetValue
GetLocaleInfoW
WriteConsoleW
IsValidLocale
EnumCalendarInfoA
QueryPerformanceCounter
Sleep
RtlZeroMemory
GetUserDefaultLangID
GetLastError
GetLocaleInfoA
CompareStringW
RtlUnwind
GetStdHandle
SetConsoleCtrlHandler
SetFilePointer
HeapAlloc
HeapCreate
GetModuleFileNameW
GetCurrentThread
EnumSystemLocalesA
GetStartupInfoW
GetCurrentProcessId
ExitProcess
GetFileType
CloseHandle
GetCommandLineW
GetACP
GetCurrencyFormatW
GetTempFileNameW
GetCurrentProcess
GetTimeZoneInformation
MoveFileExW
GetEnvironmentStringsW
CreateProcessW
lstrcpyW
IsValidCodePage
InterlockedExchange
VirtualFree
LocalAlloc
SetEnvironmentVariableA
DebugBreak

shell32

SHUpdateRecycleBinIcon
SHFileOperation

user32

IsWindowEnabled
CheckMenuItem
GetMonitorInfoA
ActivateKeyboardLayout
RegisterClassExA
CreateWindowExW
CloseWindow
ShowWindow
RegisterClassA
CharToOemBuffW
CharUpperA
DdeImpersonateClient
CreateMDIWindowA
OemToCharBuffW
CheckRadioButton
RemovePropW
GetAltTabInfo
MessageBoxW
DdeDisconnect

comctl32

InitCommonControlsEx

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7815801c41293e2a6df5efadfe47371

Headers

File Characteristics

PDB Paths

Imports

gdi32

kernel32

shell32

user32

comctl32

Sections

.text Size: 340KB - Virtual size: 339KB

.rdata Size: 59KB - Virtual size: 86KB

.data Size: 116KB - Virtual size: 116KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 340KB - Virtual size: 339KB

.rdata
Size: 59KB - Virtual size: 86KB

.data
Size: 116KB - Virtual size: 116KB

.rsrc
Size: 16KB - Virtual size: 16KB