a74f36887fd8c7f65a00bcff3d6fe280N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a74f36887fd8c7f65a00bcff3d6fe280N.exe
Size

277KB
MD5

a74f36887fd8c7f65a00bcff3d6fe280
SHA1

96bea8cf6a423871fd716aee72a0869a09579771
SHA256

5a4324f08c9482b5d73fdf4ca3e1513883217611aa4a51bdc4bfee9dc5dea3ad
SHA512

94fb076517ba23f3178a53741a5ef221094c0f7de32233335e12e16c15313fa2c7fe612099862df1a480b6966623bfe7f3f8f2f5de148df4b1f214837386506d
SSDEEP

6144:HHEMlRR48uTDeAV3caWPSwb/n8P4tP7xnivVgMj8ARrBVk9:n5bC8uTDetaWPFm4tPcgME

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a74f36887fd8c7f65a00bcff3d6fe280N.exe

Files

a74f36887fd8c7f65a00bcff3d6fe280N.exe
.exe windows:4 windows x86 arch:x86

bdc25b834d8926cc808363e75e81ede2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetWriteFile
InternetConnectA
FreeUrlCacheSpaceW
FindFirstUrlCacheEntryExW
FtpDeleteFileA
DeleteUrlCacheEntryA
InternetDialA
InternetCanonicalizeUrlA
ShowX509EncodedCertificate
FtpOpenFileW
GetUrlCacheEntryInfoA
InternetQueryFortezzaStatus
GopherOpenFileA
InternetTimeToSystemTime
GetUrlCacheEntryInfoExW
InternetGetConnectedStateEx
InternetCreateUrlW
FindFirstUrlCacheGroup

shell32

RealShellExecuteW
SHEmptyRecycleBinW
SHGetSpecialFolderPathA
SHGetMalloc
SHGetNewLinkInfo
DragQueryFile
ExtractIconExW
DragFinish
FindExecutableW
ShellExecuteExA
SHChangeNotify
ExtractIconEx
SHGetFileInfo
SHEmptyRecycleBinA
SheChangeDirA
CommandLineToArgvW
SHFormatDrive
SHUpdateRecycleBinIcon
SHGetDataFromIDListW
ExtractAssociatedIconExA
RealShellExecuteA
ShellExecuteExW
SHGetPathFromIDListA

user32

SwapMouseButton
WINNLSGetIMEHotkey
ClipCursor
IsDialogMessageW
GetWindow
RemovePropA
WaitForInputIdle
InsertMenuItemW
GetClipCursor
InSendMessage
OpenDesktopW
CreateMDIWindowA

advapi32

RegEnumValueA
LookupSecurityDescriptorPartsW
CryptSignHashA
RegDeleteKeyW
RegSetValueExW
LookupAccountSidA
CryptSignHashW
RegQueryValueA
LookupAccountSidW
CryptDeriveKey
StartServiceA
CryptExportKey
GetUserNameW
RegLoadKeyA
CryptEncrypt
RegSetKeySecurity
CryptDestroyHash
RegNotifyChangeKeyValue
RegOpenKeyExW
RegFlushKey
CryptVerifySignatureW
RegConnectRegistryW
GetUserNameA
CryptSetProviderExW

kernel32

VirtualQuery
GetDateFormatA
HeapAlloc
DeleteCriticalSection
UnhandledExceptionFilter
GetCommandLineA
OpenMutexA
InterlockedIncrement
LCMapStringW
TlsAlloc
SetLastError
GetLocaleInfoW
HeapReAlloc
GetModuleFileNameA
GetTimeZoneInformation
FreeEnvironmentStringsW
IsValidCodePage
IsValidLocale
GetCurrentThread
GetStartupInfoW
VirtualFree
LoadLibraryA
VirtualAlloc
TerminateProcess
TlsGetValue
GetLocaleInfoA
InterlockedDecrement
InterlockedExchange
TlsSetValue
GetOEMCP
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetVersionExA
HeapSize
GetModuleFileNameW
CompareStringA
GetCommandLineW
EnterCriticalSection
SetHandleCount
HeapCreate
GetTickCount
GetUserDefaultLCID
CompareStringW
SetEnvironmentVariableA
GetNamedPipeHandleStateW
GetLastError
WriteFile
SetConsoleCtrlHandler
GetEnvironmentStrings
ExitProcess
MultiByteToWideChar
InitializeCriticalSection
TlsFree
GetStringTypeW
EnumSystemLocalesA
WideCharToMultiByte
HeapFree
GetCPInfo
GetCurrentThreadId
GetCurrentProcess
HeapDestroy
GetACP
QueryPerformanceCounter
GetCurrentProcessId
GetTimeFormatA
RtlUnwind
LCMapStringA
GetProcAddress
FreeEnvironmentStringsA
GetStdHandle
LeaveCriticalSection
FreeLibrary
GetModuleHandleA
Sleep
GetStartupInfoA
GetSystemTimeAsFileTime
GetProcessHeap
GetFileType
GetStringTypeA
IsDebuggerPresent

comdlg32

ChooseColorW
GetOpenFileNameW
ReplaceTextA
GetSaveFileNameA
FindTextW
PageSetupDlgW
ChooseFontW
ChooseFontA
GetOpenFileNameA
LoadAlterBitmap
GetFileTitleW
ReplaceTextW
PrintDlgA
ChooseColorA
GetSaveFileNameW
GetFileTitleA
PageSetupDlgA

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdc25b834d8926cc808363e75e81ede2

Headers

File Characteristics

Imports

wininet

shell32

user32

advapi32

kernel32

comdlg32

Sections

.text Size: 128KB - Virtual size: 127KB

.data Size: 139KB - Virtual size: 138KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 128KB - Virtual size: 127KB

.data
Size: 139KB - Virtual size: 138KB

.rsrc
Size: 9KB - Virtual size: 9KB