a077c282822e4b8c6732f27f55ee66c0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a077c282822e4b8c6732f27f55ee66c0N.exe
Size

2.8MB
MD5

a077c282822e4b8c6732f27f55ee66c0
SHA1

35aa2ab72e8eb669e1ebf6a62d81d93a6be51b0a
SHA256

e95745445ac88ab928c5ba761cbb1fc7e7fc669a4845bc62237a5cdf2490cb6d
SHA512

336ebedda1815bd600f2fa01957dc0de5182af60743cf53d62da5f1b89d2b4a7bb3eba1f5b57e00bae6bc6bd52bd8f9349057b831d2d418e9f4f1a11ffdcb20f
SSDEEP

49152:7uULH/3EjUlevofdQRWtNiePto41zMhQ0iruQZukCITK+wB133yG04HxxsIvORo:ieH/3mjvEbYeVZzMpirukNwTHyGnHxNZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a077c282822e4b8c6732f27f55ee66c0N.exe

Files

a077c282822e4b8c6732f27f55ee66c0N.exe
.dll windows:5 windows x86 arch:x86

d2fcd3d1e84fba0d96ef0319995a4550

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpOpenRequestA

crypt32

CryptSIPCreateIndirectData

mprapi

MprAdminMIBEntryGetFirst

ole32

OleTranslateAccelerator

setupapi

SetupDiEnumDeviceInfo

shlwapi

StrStrW
UrlUnescapeA
StrRChrA

comctl32

ImageList_Create
ImageList_LoadImageA

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATStoreFromHandle

oleaut32

LoadTypeLibEx
VarR8FromUI1
GetErrorInfo
VARIANT_UserFree

user32

PostQuitMessage
ShowWindow
UpdateWindow
GetSystemMetrics
CreateCaret
ShowScrollBar
DialogBoxIndirectParamW
GetMessageW
DialogBoxParamW
CopyAcceleratorTableA
SetWindowContextHelpId
OpenClipboard

winmm

joyGetPosEx
waveOutGetPlaybackRate

winspool.drv

SetPortW
DeletePrinterDriverW
AddFormW

winscard

SCardGetCardTypeProviderNameW
SCardStatusA
SCardGetProviderIdA
SCardTransmit

rasapi32

RasGetCustomAuthDataW
RasFreeEapUserIdentityA
RasGetProjectionInfoA

advapi32

LookupPrivilegeValueW
GetAclInformation
CryptEncrypt
SaferComputeTokenFromLevel
CryptGenKey
AccessCheckAndAuditAlarmW
RegCloseKey

urlmon

UrlMkSetSessionOption

comdlg32

FindTextW

rpcrt4

RpcStringBindingParseW
I_RpcTurnOnEEInfoPropagation
RpcServerUseProtseqA
I_RpcServerSetAddressChangeFn
I_RpcNegotiateTransferSyntax

gdi32

EnumFontFamiliesExA
PtVisible
PlayMetaFile
SetEnhMetaFileBits
GetClipRgn

shell32

SHGetFolderPathA
SHCreateShellItem
ShellExecuteW
SHBrowseForFolderA
SHAppBarMessage

ws2_32

select

esent

JetInit

secur32

VerifySignature
AcceptSecurityContext

kernel32

GetCommandLineA
CloseHandle
HeapSize
GetTimeZoneInformation
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
GetModuleFileNameA
WriteFile
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
HeapReAlloc
HeapAlloc
GetEnvironmentStrings
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
CompareStringA
SetEnvironmentVariableA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetACP
WideCharToMultiByte
FatalAppExitA
ExitProcess
HeapFree
Sleep
CompareStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetDateFormatA
FreeEnvironmentStringsA
GetCurrentThread
GetLastError
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidLocale
QueryPerformanceCounter
GetProcAddress
GetModuleHandleW
IsValidCodePage
WaitForSingleObjectEx
Process32FirstW
FreeResource
AddAtomA
WaitCommEvent
InterlockedDecrement
DeleteCriticalSection
SetEvent
VerSetConditionMask
LeaveCriticalSection
WaitForSingleObject
LoadLibraryW
GetCommProperties
GetProcessShutdownParameters
ClearCommBreak
GetSystemDefaultLCID
GetModuleFileNameW
GetBinaryTypeW
LoadLibraryExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
InterlockedIncrement
GetOEMCP

lz32

GetExpandedNameW

Exports

Exports

AlsntlheRrtotdabsq

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.erloc
Size: 920KB - Virtual size: 917KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2fcd3d1e84fba0d96ef0319995a4550

Headers

File Characteristics

Imports

wininet

crypt32

mprapi

ole32

setupapi

shlwapi

comctl32

wintrust

oleaut32

user32

winmm

winspool.drv

winscard

rasapi32

advapi32

urlmon

comdlg32

rpcrt4

gdi32

shell32

ws2_32

esent

secur32

kernel32

lz32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.erloc Size: 920KB - Virtual size: 917KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 100KB - Virtual size: 106KB

.rsrc Size: 4KB - Virtual size: 952B

.reloc Size: 28KB - Virtual size: 24KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.erloc
Size: 920KB - Virtual size: 917KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 100KB - Virtual size: 106KB

.rsrc
Size: 4KB - Virtual size: 952B

.reloc
Size: 28KB - Virtual size: 24KB