a5a92d4d7d460195ab31ffda45ffafd0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a5a92d4d7d460195ab31ffda45ffafd0N.exe
Size

239KB
MD5

a5a92d4d7d460195ab31ffda45ffafd0
SHA1

15168cb4b2240d2124064031a4533f7ab5dd7a6c
SHA256

ebf9758a40f93c4b31e5f65bd26fee56cc10f23e204ca491811143e33fb9248b
SHA512

a9be976dfbd32b5a4439d0d44e8e723dfb1cdb8ae8c3123d281b2b98831ab8517542b9c90187134e41c731a3ea12d0dcd1b87ffabaf4957aea7ce202a77af920
SSDEEP

6144:2toZ6vUlGloB+6kw3bxK9LXpYre/v2wAOU/4hWBa9SZm:2zoa1DwLE3DtAOU/bbg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5a92d4d7d460195ab31ffda45ffafd0N.exe

Files

a5a92d4d7d460195ab31ffda45ffafd0N.exe
.exe windows:4 windows x86 arch:x86

5980d872c2aa1b1de47df0eb69b7a0a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

DeleteUrlCacheGroup
ShowClientAuthCerts
FtpGetCurrentDirectoryW
FindFirstUrlCacheEntryExW
DeleteUrlCacheContainerA
GetUrlCacheHeaderData
FindFirstUrlCacheEntryExA
HttpQueryInfoW
InternetTimeToSystemTime
IsHostInProxyBypassList
InternetGetConnectedStateExA
HttpAddRequestHeadersW
InternetOpenA
FtpCommandW
InternetAutodial
FtpGetFileW
IsUrlCacheEntryExpiredW
FtpRenameFileA
HttpOpenRequestW
DetectAutoProxyUrl

shell32

SHFileOperationA
SHGetDesktopFolder
SHAppBarMessage
ShellAboutA
ExtractAssociatedIconA
RealShellExecuteExW
ShellExecuteExA
SHGetDataFromIDListW
SHFreeNameMappings
ExtractIconW
DoEnvironmentSubstW
SHBrowseForFolderW
ExtractAssociatedIconW
SHGetFileInfoW
ExtractAssociatedIconExW
FreeIconList
DuplicateIcon
SHGetPathFromIDListA
SHGetDataFromIDListA
ExtractIconExW
SHEmptyRecycleBinW
DoEnvironmentSubstA
SheGetDirA
DragQueryPoint
SHAddToRecentDocs

user32

wsprintfA
PostQuitMessage

comdlg32

PrintDlgA
PrintDlgW
GetFileTitleA
GetOpenFileNameW
GetSaveFileNameW
ChooseColorA
GetOpenFileNameA
FindTextW

kernel32

HeapDestroy
GetCurrentProcessId
SetLastError
SleepEx
GetOEMCP
QueryPerformanceCounter
IsBadWritePtr
ExitProcess
DeleteCriticalSection
LCMapStringA
OpenFileMappingW
RtlUnwind
LCMapStringW
GetCurrentThread
GetTimeZoneInformation
TlsFree
GetTickCount
InitializeCriticalSection
EnumResourceTypesA
GetFileType
SetHandleCount
HeapReAlloc
GetACP
InterlockedExchange
GetCommandLineA
GetModuleHandleA
TlsGetValue
UnhandledExceptionFilter
WideCharToMultiByte
GetStringTypeA
TransactNamedPipe
FoldStringA
FreeEnvironmentStringsW
LeaveCriticalSection
GetVersion
TlsAlloc
GetSystemTimeAsFileTime
GetProcAddress
GetStdHandle
HeapAlloc
VirtualAlloc
VirtualFree
GetModuleFileNameA
WritePrivateProfileStringA
GetCPInfo
GetEnvironmentStrings
GetStartupInfoA
HeapFree
EnterCriticalSection
WriteFile
GetLastError
GetEnvironmentStringsW
MultiByteToWideChar
TerminateProcess
FindFirstFileA
GetCurrentProcess
VirtualQuery
TlsSetValue
EnumDateFormatsW
HeapCreate
VirtualUnlock
FreeEnvironmentStringsA
GetStringTypeW
LoadLibraryA
GetCurrentThreadId

advapi32

DuplicateTokenEx
CryptSetProvParam
StartServiceA
RegQueryValueExA
RegQueryValueExW
RevertToSelf
DuplicateToken
RegNotifyChangeKeyValue
CryptEncrypt
CryptVerifySignatureW
RegDeleteValueA
LookupSecurityDescriptorPartsA
LookupPrivilegeValueA
RegEnumKeyW
LookupSecurityDescriptorPartsW
CryptImportKey
RegCloseKey
RegCreateKeyW
RegQueryValueA

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5980d872c2aa1b1de47df0eb69b7a0a1

Headers

File Characteristics

Imports

wininet

shell32

user32

comdlg32

kernel32

advapi32

Sections

.text Size: 119KB - Virtual size: 118KB

.data Size: 107KB - Virtual size: 106KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 119KB - Virtual size: 118KB

.data
Size: 107KB - Virtual size: 106KB

.rsrc
Size: 12KB - Virtual size: 11KB