Static task
static1
Behavioral task
behavioral1
Sample
11352b8ff6ba86e24b1463a11ed30cd0N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
11352b8ff6ba86e24b1463a11ed30cd0N.exe
Resource
win10v2004-20240802-en
General
Target
11352b8ff6ba86e24b1463a11ed30cd0N.exe
Size
192KB
MD5
11352b8ff6ba86e24b1463a11ed30cd0
SHA1
f352e2732e2d92b09fd3de403e73f0d3bc89e6c9
SHA256
4d1c0b74227dcffdd89a2fabc19c76d9308cdb38b9cb5f1a99e2818c25b20aa8
SHA512
1ba1c68b5b9d70a0673a7117a80d370e252bccb4b5693d3f5a9cd521bd5ad4119e2113489b41a0bc141f2677bc6b60a4810dd379f6063e2de5b610753c17ffc5
SSDEEP
3072:5rHFTDdWZbxDrs5/V3og5NHs4I/w9/F5eCYRoiOUu4J/Wq1aDUezJUy0j92ISzzC:5TRdWZNWoUNHs4y2/eC5ihu4lWqaUoq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 11352b8ff6ba86e24b1463a11ed30cd0N.exe
Files
11352b8ff6ba86e24b1463a11ed30cd0N.exe.exe windows:5 windows x86 arch:x86
f75ad81707b8ea58d1e5667ceb42d1bf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetSystemWindowsDirectoryA
GetEnvironmentVariableA
DeleteFileA
CloseHandle
GetLastError
GetModuleFileNameW
GetProcessHeap
WaitForSingleObject
HeapFree
HeapAlloc
GetCommandLineW
IsDebuggerPresent
GetModuleHandleA
GetProcAddress
GetTempPathA
GetCurrentProcessId
GetModuleFileNameA
GetVersionExW
Sleep
GlobalFindAtomA
ExpandEnvironmentStringsA
GetCurrentProcess
GlobalAddAtomA
SetUnhandledExceptionFilter
GetComputerNameA
GetThreadContext
CreateFileA
SetThreadContext
Process32First
SetErrorMode
OpenProcess
WideCharToMultiByte
TerminateThread
CreateProcessA
TerminateProcess
FlushInstructionCache
GetShortPathNameA
SetCurrentDirectoryA
FindFirstFileA
GetHandleInformation
VirtualAlloc
VirtualAllocEx
FindClose
LoadLibraryA
Process32Next
FindNextFileA
LoadLibraryExA
VirtualProtect
GetCurrentDirectoryA
CreateToolhelp32Snapshot
GetVersionExA
WriteProcessMemory
ResumeThread
CreateThread
SetPriorityClass
SetEndOfFile
GetCurrentThread
WriteFile
GetBinaryTypeA
ReadFile
SetThreadPriority
GetFileSizeEx
CopyFileA
SetFileAttributesA
GetTempFileNameA
CreateRemoteThread
GetExitCodeProcess
Module32First
VirtualProtectEx
Module32Next
SwitchToThread
HeapReAlloc
GetTickCount
GetThreadPriority
lstrcpynA
VirtualFree
ExitProcess
user32
WaitForInputIdle
CharLowerA
wsprintfW
CharUpperA
shell32
SHGetFolderPathA
ShellExecuteExW
SHGetFolderPathW
ShellExecuteExA
ord680
ole32
CoUninitialize
CoInitializeEx
psapi
GetModuleBaseNameW
shlwapi
StrCatBuffA
PathAddBackslashA
PathCombineA
PathAddExtensionA
SHGetValueA
PathAppendW
StrStrNIW
StrStrIA
PathFindFileNameA
PathFileExistsA
PathIsDirectoryA
StrChrIA
ntdll
RtlImageNtHeader
_stricmp
ZwOpenProcess
ZwSetInformationThread
ZwClose
ZwUnmapViewOfSection
_alloca_probe
memset
_snprintf
ZwQueryInformationProcess
RtlUnwind
advapi32
CryptGetHashParam
CryptAcquireContextA
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
SetKernelObjectSecurity
CheckTokenMembership
RegFlushKey
RegCloseKey
CreateWellKnownSid
winscard
SCardEstablishContext
SCardFreeMemory
SCardDisconnect
SCardReleaseContext
SCardListReadersA
SCardConnectA
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
wintrust
WinVerifyTrust
netapi32
NetServerGetInfo
NetApiBufferFree
NetWkstaGetInfo
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
code Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 158KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ