0cdbb1804bd2d9293e98c7f6d2a01cf0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0cdbb1804bd2d9293e98c7f6d2a01cf0N.exe
Size

1.3MB
MD5

0cdbb1804bd2d9293e98c7f6d2a01cf0
SHA1

63c82f75f517652deffbc1de8701e70f1ea8b40f
SHA256

5054b62d484d3b47be4ad9b384e4cb985d9b179b1a81bc68b0bfcbff448bbe5b
SHA512

04d9c23a9e0723ddf664f96f1094c1de8a4bd32860e5064aab4466bd38956ed6db4294dfcf41eeb31ce8b8d9833453e01052586b18793af8b0c1528f27a55154
SSDEEP

12288:sgqfQb3HICEqMTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:sNQz4fSkQ/7Gb8NLEbeZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cdbb1804bd2d9293e98c7f6d2a01cf0N.exe

Files

0cdbb1804bd2d9293e98c7f6d2a01cf0N.exe
.exe windows:5 windows x86 arch:x86

5b859053c7a5d6260b6f8565c66e68e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dexplore.pdb

Imports

kernel32

FreeLibrary
IsDBCSLeadByte
GetUserDefaultLCID
FindClose
FindNextFileW
FindFirstFileW
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
GetSystemDefaultLCID
LoadLibraryExA
GetFileAttributesExW
CopyFileW
GetModuleHandleW
FindAtomW
DeleteAtom
AddAtomW
CreateFileMappingA
MapViewOfFile
CreateEventA
CreateMutexA
DuplicateHandle
OpenProcess
LoadLibraryA
GetProcAddress
WaitForSingleObject
SetEvent
ReleaseMutex
GetUserDefaultUILanguage
UnmapViewOfFile
GetFileAttributesA
OutputDebugStringW
VirtualFree
VirtualAlloc
lstrcpynW
SystemTimeToFileTime
GetSystemTime
LoadLibraryExW
WriteFile
GetStdHandle
LoadLibraryW
CreateDirectoryW
MoveFileW
GetFileAttributesW
GetModuleFileNameW
CreateFileW
CloseHandle
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetVersionExA
LeaveCriticalSection
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
EnterCriticalSection
GetModuleFileNameA
lstrcmpiA
lstrlenW
GetEnvironmentVariableA
InterlockedExchange
RaiseException
WideCharToMultiByte
MultiByteToWideChar
CreateProcessA
lstrlenA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
LocalAlloc
QueryPerformanceCounter
GetStartupInfoA
InterlockedCompareExchange
Sleep

msvcr80

_except_handler4_common
_callnewh
??3@YAXPAX@Z
free
memcpy_s
_resetstkoflw
wcscpy_s
_mbscmp
_wtol
sprintf_s
_vsnprintf_s
_vswprintf_c_l
strrchr
isprint
_ultow_s
_strlwr_s
strcpy_s
wcsncat_s
_set_purecall_handler
wcsstr
wcspbrk
memmove
wcschr
wcsncpy_s
wcscat_s
_vsnwprintf_s
_wmakepath_s
_wsplitpath_s
swprintf_s
memset
memmove_s
_wcsicmp
wcsrchr
_vscwprintf
vswprintf_s
_wcsnicmp
??_V@YAXPAX@Z
_recalloc
calloc
strncpy_s
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
_controlfp_s
_invoke_watson
malloc

user32

CharNextW
LoadStringW
MessageBoxW
LoadIconA
LoadImageA
DestroyWindow
UnregisterClassA
CharNextA
GetSystemMetrics

advapi32

CryptVerifySignatureA
CryptHashData
CryptCreateHash
CryptImportKey
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW

ole32

OleUninitialize
CoInitializeSecurity
StringFromCLSID
OleInitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
IIDFromString
CoCreateInstance

oleaut32

SysAllocString
GetErrorInfo
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarBstrCat
SysAllocStringByteLen
VariantClear
VariantInit
SysStringByteLen
SysFreeString
SysAllocStringLen

shlwapi

PathAddBackslashW

mscoree

CorBindToRuntimeEx
LockClrVersion

custsat

ord5
ord4

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b859053c7a5d6260b6f8565c66e68e1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr80

user32

advapi32

ole32

oleaut32

shlwapi

mscoree

custsat

Sections

.text Size: 77KB - Virtual size: 76KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 77KB - Virtual size: 76KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB