1ec7ed57aa9aa6e6999c0d730f997b60N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1ec7ed57aa9aa6e6999c0d730f997b60N.exe
Size

1.7MB
MD5

1ec7ed57aa9aa6e6999c0d730f997b60
SHA1

c22a93be39d483d897f66e38ddc051ccc9354026
SHA256

e79a527f86b14519878e6515b7c92f1fa8d5b3903d2d356a1910bf375b31cd59
SHA512

0857516b4b24644408ec9d7d43e48ae99e715df410b490b93ea3c020f985cec04e87a4c7e1ae984f78cf0c0c969fd661cb973146cba049b07e23901e44889315
SSDEEP

49152:6kZ2Ra5sm09ItsWmoD3SkqWEmxFCIVo8ePq7vsqwtC2S/Yqmz+X2Ki:6kZ2U+evmC3XqWpxBVo8ea7wlSyzK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ec7ed57aa9aa6e6999c0d730f997b60N.exe

Files

1ec7ed57aa9aa6e6999c0d730f997b60N.exe
.dll windows:5 windows x86 arch:x86

d6e48a32611312fca08c9a839b2c6c2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_AddMasked

esent

JetInit2
JetTerm2

netapi32

NetUserSetGroups
NetGroupAddUser
NetQueryDisplayInformation
NetGroupGetInfo
NetServerTransportDel

msacm32

acmFormatEnumW

rasapi32

RasGetConnectStatusW
RasGetSubEntryPropertiesA

gdi32

Polygon
GetTextMetricsA
SelectObject
ScaleWindowExtEx
ExtTextOutA
GetCharWidthFloatA
SetDIBitsToDevice
DescribePixelFormat
GetObjectA
GetDeviceGammaRamp
PolyPolygon
GetMetaFileA
SetMiterLimit
GetDCOrgEx
GetMapMode

msvfw32

DrawDibStop

secur32

GetComputerObjectNameW
MakeSignature
AcquireCredentialsHandleA
InitializeSecurityContextA

advapi32

RegEnumKeyA
GetEffectiveRightsFromAclW
RegConnectRegistryA
SetEntriesInAclW
GetServiceKeyNameA
RegisterEventSourceA
CryptSetProviderExW
StartServiceCtrlDispatcherA
LookupAccountNameW
QueryServiceStatusEx
CryptContextAddRef
OpenSCManagerA
BuildTrusteeWithSidW
RegNotifyChangeKeyValue
GetKernelObjectSecurity
BuildTrusteeWithNameW
QueryServiceConfig2W
CreatePrivateObjectSecurityEx
AreAnyAccessesGranted
AccessCheckByType

mprapi

MprConfigTransportGetInfo
MprConfigInterfaceDelete
MprConfigInterfaceSetInfo
MprConfigTransportCreate
MprAdminMIBEntrySet

wininet

InternetTimeFromSystemTimeA
InternetSetCookieA
HttpSendRequestW

wintrust

WTHelperProvDataFromStateData
WintrustLoadFunctionPointers
CryptSIPGetSignedDataMsg
IsCatalogFile

lz32

GetExpandedNameW
LZSeek
LZClose

opengl32

glEvalCoord1f

winscard

SCardForgetCardTypeW
SCardListInterfacesA
SCardListCardsA

setupapi

SetupDiGetClassInstallParamsW
SetupDiEnumDeviceInfo
CM_Locate_DevNode_ExW
SetupVerifyInfFileW
CM_Open_Class_KeyW
SetupFindNextMatchLineW
SetupDiGetClassImageListExW
CM_Disable_DevNode
CM_Get_Device_ID_List_SizeW
SetupDiGetDeviceInfoListDetailA
SetupGetLineTextW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetINFClassW

oleaut32

CreateTypeLi
GetActiveObject
LoadTypeLibEx

kernel32

HeapReAlloc
HeapAlloc
ReadFile
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
FatalAppExitA
ExitProcess
HeapFree
Sleep
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
CompareStringW
GetCurrentThread
GetLastError
GetCurrentThreadId
SetLastError
TlsSetValue
TlsAlloc
GetTickCount
GetProcAddress
GetModuleHandleW
IsValidCodePage
GetPriorityClass
CreateFileMappingA
CreateProcessW
SetStdHandle
ResetEvent
EnumSystemCodePagesA
SetCriticalSectionSpinCount
GetPrivateProfileSectionW
CreateEventA
GetConsoleOutputCP
HeapCreate
WriteConsoleA
TlsFree
ReplaceFileA
MoveFileA
CreateHardLinkW
IsWow64Process
CallNamedPipeA
FillConsoleOutputCharacterA
Process32FirstW
GetFileTime
LocalLock
GenerateConsoleCtrlEvent
CallNamedPipeW
FileTimeToDosDateTime
GetStartupInfoW
OpenWaitableTimerW
WaitForSingleObject
EscapeCommFunction
EnterCriticalSection
GetModuleHandleA
GetModuleFileNameA
CloseHandle
GetModuleFileNameW
GetBinaryTypeA
GetSystemDefaultUILanguage
SetMailslotInfo
DuplicateHandle
SetUserGeoID
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LeaveCriticalSection
HeapDestroy
VirtualFree
VirtualAlloc
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CreateFileA
GetLocaleInfoW
SetEnvironmentVariableA
GetCommandLineA
HeapSize
GetTimeZoneInformation
SetLocaleInfoW
WriteConsoleW
GetCurrentProcessId
GetSystemTimeAsFileTime
CompareStringA
FlushFileBuffers
UnregisterWait
LoadLibraryA
TlsGetValue

version

GetFileVersionInfoA
VerFindFileW

ole32

CoFreeLibrary
StgCreatePropStg
PropVariantCopy
OleMetafilePictFromIconAndLabel
CoLockObjectExternal
OleLoadFromStream
OleLockRunning

winspool.drv

DeletePrinterDriverExW

winmm

waveOutGetDevCapsW
mmioDescend
midiOutMessage
mixerGetID
waveInClose
midiOutGetDevCapsW
GetDriverModuleHandle
PlaySoundW
waveInGetPosition

urlmon

CoInternetSetFeatureEnabled
IsAsyncMoniker

user32

GetUpdateRgn
GetWindowContextHelpId
ShowScrollBar
GetSystemMetrics
ShowWindow
SetLayeredWindowAttributes
VkKeyScanExW
RegisterWindowMessageA
CreateWindowExW
MessageBoxW
CallMsgFilterA
CopyImage
MessageBoxExW
EndMenu
ToUnicodeEx
InflateRect
ToAsciiEx
GetClipCursor
SetMenuDefaultItem
LookupIconIdFromDirectoryEx
CreateWindowExA
SetTimer
TabbedTextOutA
SetClipboardData
DlgDirSelectComboBoxExW
FreeDDElParam
SendMessageCallbackA
SwapMouseButton
LoadKeyboardLayoutW
keybd_event
SetDlgItemInt

rpcrt4

I_RpcGetExtendedError
NdrAllocate
RpcBindingInqAuthClientW
RpcMgmtSetCancelTimeout
NdrAsyncServerCall

crypt32

PFXVerifyPassword
CertAlgIdToOID
CryptBinaryToStringA
CertFindChainInStore
CryptMsgDuplicate
CertEnumCertificateContextProperties

imm32

ImmGetCandidateListW

clusapi

GetNodeClusterState
RestoreClusterDatabase

ws2_32

select

mscms

IsColorProfileTagPresent
GetStandardColorSpaceProfileW

shlwapi

PathGetCharTypeA
SHEnumKeyExW
StrStrIA
PathIsURLW
StrDupA
PathCreateFromUrlA

shell32

ExtractIconW
ExtractAssociatedIconA
SHChangeNotify
ShellExecuteExA
SHGetFileInfoA
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW

Sections

.text
Size: 1012KB - Virtual size: 1009KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 692KB - Virtual size: 689KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6e48a32611312fca08c9a839b2c6c2d

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

esent

netapi32

msacm32

rasapi32

gdi32

msvfw32

secur32

advapi32

mprapi

wininet

wintrust

lz32

opengl32

winscard

setupapi

oleaut32

kernel32

version

ole32

winspool.drv

winmm

urlmon

user32

rpcrt4

crypt32

imm32

clusapi

ws2_32

mscms

shlwapi

shell32

Sections

.text Size: 1012KB - Virtual size: 1009KB

.qdata Size: 692KB - Virtual size: 689KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 44KB - Virtual size: 53KB

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 1012KB - Virtual size: 1009KB

.qdata
Size: 692KB - Virtual size: 689KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 44KB - Virtual size: 53KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 12KB - Virtual size: 11KB