0012b985d69e412cfeed1304dc79e550N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0012b985d69e412cfeed1304dc79e550N.exe
Size

57KB
MD5

0012b985d69e412cfeed1304dc79e550
SHA1

452d277ed7e9215dae57686dad7719350ed9169f
SHA256

172c554d8701b3f037e6d937a9cb31a2c8bf788ffa9ff1cc075ea6c07fa6262b
SHA512

a6555a35de36e0f9685251259cac8983fa3dc6a0cce0458db3934edd9ba06f499eb1b89fbbce4007292a9dfa86161feab5a9a40a661f337869150526f0e7cc4e
SSDEEP

1536:90935yGgu2IcX2bFkLd3rvGAn4+xiwI+m1lD9cwsJ2:9S35ydIcGbqZ7f3Qfc2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0012b985d69e412cfeed1304dc79e550N.exe

Files

0012b985d69e412cfeed1304dc79e550N.exe
.exe windows:5 windows x86 arch:x86

be3afb22f38a55dff1b4a6aaebf7dae1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

MyFree
SetupCommitFileQueueA
SetupFindNextLine
SetupOpenAppendInfFileW
SetupDiCreateDeviceInfoListExW
SetupQueueRenameA
CM_Get_Device_Interface_Alias_ExA
CM_Get_DevNode_Status
SetupGetLineByIndexW
SetupSetDirectoryIdW
SetupDiDrawMiniIcon
CM_Set_DevNode_Registry_PropertyA
SetupDiDeleteDevRegKey
SetupDecompressOrCopyFileA
CM_Get_HW_Prof_Flags_ExA
SetupDiRegisterCoDeviceInstallers
CM_Test_Range_Available
CM_Get_Next_Log_Conf
SetupDiGetClassInstallParamsW
SetupDiSetSelectedDevice
SetupVerifyInfFileW
CM_Get_DevNode_Custom_Property_ExA
CM_Create_DevNodeW
SetupDeleteErrorW
InstallHinfSectionA
DoesUserHavePrivilege
SetupGetIntField
CM_Get_Device_ID_ListW
SetupOpenMasterInf

msvcrt20

_seterrormode
_getws
_putws
?ebuf@streambuf@@IBEPADXZ
_putenv
??_Diostream@@QAEXXZ
_ismbbalnum
?ignore@istream@@QAEAAV1@HH@Z
_wspawnv
_wsearchenv
??0istrstream@@QAE@PAD@Z
_setjmp3
_wexecle
_mbsrev
_scalb
__p__daylight
signal
atan2
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?read@istream@@QAEAAV1@PACH@Z
_cexit
??0ostrstream@@QAE@ABV0@@Z
??_7strstreambuf@@6B@
?clog@@3Vostream_withassign@@A
?is_open@ifstream@@QBEHXZ
ftell
vfprintf
?width@ios@@QAEHH@Z
_tcstok
_execl

es

DllGetClassObject
NotifyLogoffUser
LCEControlServer
ServiceMain
NotifyLogonUser
DllCanUnloadNow

msvcirt

?fail@ios@@QBEHXZ
?close@ofstream@@QAEXXZ
??_8stdiostream@@7Bostream@@@
??_Gistream_withassign@@UAEPAXI@Z
??0ostream@@IAE@ABV0@@Z
?iword@ios@@QBEAAJH@Z
??0istrstream@@QAE@PAD@Z
?fill@ios@@QAEDD@Z
??4istream@@IAEAAV0@PAVstreambuf@@@Z
?gptr@streambuf@@IBEPADXZ
??_7stdiobuf@@6B@
??_7ostream_withassign@@6B@
??0ofstream@@QAE@PBDHH@Z
??_7filebuf@@6B@
?overflow@stdiobuf@@UAEHH@Z
??_Gostrstream@@UAEPAXI@Z
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
?attach@ifstream@@QAEXH@Z
??_Dostream@@QAEXXZ
?fd@fstream@@QBEHXZ
?setmode@fstream@@QAEHH@Z
??0istream_withassign@@QAE@PAVstreambuf@@@Z
??0strstreambuf@@QAE@H@Z
?bitalloc@ios@@SAJXZ
?eback@streambuf@@IBEPADXZ
?x_lockc@ios@@0U_CRT_CRITICAL_SECTION@@A
??0istream@@IAE@XZ
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
??5istream@@QAEAAV0@PAE@Z

apphelp

SdbGetTagDataSize
SdbReadQWORDTag
SdbGetStringTagPtr
SdbReadQWORDTagRef
SdbReadMsiTransformInfo
SdbOpenDatabase
SdbQueryData
SdbGetFirstChild
SdbGetStandardDatabaseGUID
SdbTagRefToTagID
SdbReadWORDTagRef
SdbGrabMatchingInfoEx
SdbDeletePermLayerKeys
ApphelpCheckShellObject
SdbCreateMsiTransformFile
SdbReadStringTagRef
ShimFlushCache
AllowPermLayer
GetPermLayers
ShimDumpCache
ApphelpCheckMsiPackage
SdbReadBYTETag

kernel32

LocalAlloc
SetEnvironmentVariableW
WriteConsoleOutputW
GetConsoleKeyboardLayoutNameA
RemoveLocalAlternateComputerNameW
GetFileType
WritePrivateProfileSectionW
InterlockedIncrement
GetDevicePowerState
GetVolumeInformationA
SetConsoleInputExeNameW
HeapCreate
GetNumberOfConsoleMouseButtons
LZDone
EndUpdateResourceA
VirtualAlloc
TlsFree
InterlockedPopEntrySList
CallNamedPipeW
LZCopy
GetVolumePathNameA
LoadLibraryA
SetConsoleHardwareState

wmadmod

CreateInstance
DllRegisterServer
DllUnregisterServer
DllGetClassObject
DllCanUnloadNow

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be3afb22f38a55dff1b4a6aaebf7dae1

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

msvcrt20

es

msvcirt

apphelp

kernel32

wmadmod

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 17KB - Virtual size: 66KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 224B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 17KB - Virtual size: 66KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 224B