47ac171d703289374995a9603b1dbed0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

47ac171d703289374995a9603b1dbed0N.exe
Size

60KB
MD5

47ac171d703289374995a9603b1dbed0
SHA1

b8e4f63b071a8384223f4a3b61e8a632ec4e77bd
SHA256

79094b4dfdeba9b938f9109f73d9d748fc4838fbc6d21ebaf2b28ccec9fc3531
SHA512

9f80a6dd535bedd1b2f09ee698bcbd3dba89ee9aa59406018a47993d8817144971641716bfd28b6e361ae6f176cc6317fef60fe8b3764e18f268842733c28507
SSDEEP

1536:t0LhHqKO/nKTGkv5pSJGoUH6VqvWVqbTVqbQ:tOhHy/SRAJGoJVqvWVqbTVqbQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47ac171d703289374995a9603b1dbed0N.exe

Files

47ac171d703289374995a9603b1dbed0N.exe
.exe windows:4 windows x86 arch:x86

ac6f5f664f87ac10509b9154ed466473

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
CopyFileA
lstrcatA
GetTickCount
GetLocalTime
lstrcpyA
GetComputerNameA
GetLocaleInfoA
MultiByteToWideChar
CreateProcessA
FreeLibrary
GetProcAddress
LoadLibraryA
_lclose
_lopen
GetSystemDirectoryA
WideCharToMultiByte
GetModuleFileNameA
lstrlenA
CloseHandle
Sleep
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
SetFilePointer
GetStringTypeW
GetStringTypeA
GetLastError
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
TlsAlloc
SetLastError
TlsGetValue
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlUnwind
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetUserNameA

ws2_32

gethostname
gethostbyname
send
socket
htons
inet_addr
ioctlsocket
connect
select
closesocket
WSAStartup
WSACleanup
inet_ntoa

mpr

WNetAddConnection2A
WNetCancelConnection2A

netapi32

NetApiBufferFree
NetUserEnum
NetScheduleJobAdd
NetRemoteTOD

iertutil

ord320

dui70

?GetKeyFocusedElement@DialogElement@DirectUI@@UEAAPEAVElement@2@

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nyi`F7
Size: 4KB - Virtual size: 256B

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ac6f5f664f87ac10509b9154ed466473

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

mpr

netapi32

iertutil

dui70

Sections

.text Size: 24KB - Virtual size: 23KB

.reloc Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.l1 Size: 4KB - Virtual size: 4KB

.l1 Size: 4KB - Virtual size: 4KB

nyi`F7 Size: 4KB - Virtual size: 256B

.l1 Size: 4KB - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 23KB

.reloc
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.l1
Size: 4KB - Virtual size: 4KB

.l1
Size: 4KB - Virtual size: 4KB

nyi`F7
Size: 4KB - Virtual size: 256B

.l1
Size: 4KB - Virtual size: 4KB