bf0695da6044cea8e559c729c1f4a600N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

bf0695da6044cea8e559c729c1f4a600N.exe
Size

205KB
MD5

bf0695da6044cea8e559c729c1f4a600
SHA1

5976f01997efc8b707850e00936aa069ab9ff182
SHA256

b06763b7bea1dfd1dc483a7713088dbf03f2a46b77bc2fff16e7f5f0feb1c399
SHA512

d7a907369a34cbbc2be04b3072947a6600936a7aaa9fb77b4bda95587988c6c2320b8b6ec3cd53d7eda24ef67912ffa7ab5f39e0a83d84d3f35923377e0c75f9
SSDEEP

6144:yNgDUKU4+njevbFKyJ3YaCDESfwwVwtgB7ILdatq/1:yyoKwYgyJ34DEQwIwtUMatq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf0695da6044cea8e559c729c1f4a600N.exe

Files

bf0695da6044cea8e559c729c1f4a600N.exe
.exe windows:4 windows x86 arch:x86

f9b4d40cdbf64f9ae4b51f640ea1d32d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

SetUrlCacheConfigInfoA
InternetShowSecurityInfoByURLA
UpdateUrlCacheContentPath
FindNextUrlCacheEntryW
ShowSecurityInfo
CreateUrlCacheContainerW
InternetGetConnectedStateExW
InternetInitializeAutoProxyDll
GetUrlCacheConfigInfoW
InternetDialW
InternetCanonicalizeUrlW
CreateUrlCacheEntryW
InternetSetOptionA
FindNextUrlCacheEntryA

user32

IsDlgButtonChecked
LoadBitmapA
GetScrollPos
CallMsgFilterA
SendMessageTimeoutA
EnableWindow
DrawCaption

shell32

ShellAboutA
SHInvokePrinterCommandA
SHFileOperationW
ShellExecuteW
RealShellExecuteExW
SHGetDesktopFolder
SHGetPathFromIDListA
SHUpdateRecycleBinIcon

advapi32

RegEnumKeyW
CryptCreateHash
RegQueryMultipleValuesA
RegFlushKey
RegOpenKeyExA
CryptGenRandom
RegSetValueExA
RegQueryValueExW
LookupSecurityDescriptorPartsA
RegEnumKeyA
CryptVerifySignatureW
LookupPrivilegeNameA
GetUserNameW
CreateServiceW
RegDeleteKeyA
LookupAccountSidA
StartServiceA
CryptSetKeyParam
RegSetValueExW
LookupAccountSidW

kernel32

OpenSemaphoreW
FreeEnvironmentStringsA
RtlUnwind
GetSystemDirectoryW
InterlockedExchange
GetModuleHandleA
lstrlen
GetCurrentProcess
MultiByteToWideChar
LoadLibraryA
IsBadWritePtr
GetProcAddress
TlsAlloc
FindNextFileW
GetVersion
OpenFileMappingA
SystemTimeToFileTime
TlsSetValue
GetLastError
ExitProcess
GetFileType
VirtualFree
GetEnvironmentStringsW
GetTempPathA
GetModuleFileNameA
WideCharToMultiByte
HeapCreate
GetEnvironmentStrings
CreateToolhelp32Snapshot
HeapDestroy
GetConsoleTitleA
GetStringTypeExA
GetProcessHeaps
GetComputerNameA
SetHandleCount
GetExitCodeThread
HeapReAlloc
VirtualQuery
GlobalAddAtomW
EnumCalendarInfoExW
TlsFree
SetLastError
TerminateProcess
GetOEMCP
GetCommandLineA
HeapAlloc
SetConsoleCP
SetConsoleCursorPosition
DeleteCriticalSection
ReadConsoleOutputCharacterA
FreeEnvironmentStringsW
GetStartupInfoA
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
WritePrivateProfileStructA
QueryPerformanceCounter
GetStringTypeW
GetACP
GetStdHandle
GetCurrentThread
GetLogicalDriveStringsW
GetCurrentThreadId
WriteFile
GetSystemTimeAsFileTime
LeaveCriticalSection
TlsGetValue
UnhandledExceptionFilter
LCMapStringA
GetStringTypeA
WaitForSingleObject
FoldStringW
GetTickCount
LCMapStringW
VirtualAlloc
RemoveDirectoryA
HeapFree
GetCPInfo

comdlg32

ReplaceTextW
GetOpenFileNameW
ChooseFontW
ChooseColorW
PrintDlgA
PageSetupDlgA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9b4d40cdbf64f9ae4b51f640ea1d32d

Headers

File Characteristics

Imports

wininet

user32

shell32

advapi32

kernel32

comdlg32

Sections

.text Size: 95KB - Virtual size: 95KB

.data Size: 105KB - Virtual size: 123KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 95KB - Virtual size: 95KB

.data
Size: 105KB - Virtual size: 123KB

.rsrc
Size: 3KB - Virtual size: 2KB