2bdfae1525133ec6a68dea1c5bd14cc0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2bdfae1525133ec6a68dea1c5bd14cc0N.exe
Size

196KB
MD5

2bdfae1525133ec6a68dea1c5bd14cc0
SHA1

ece04e6359cab3c06b7c493cd8fe0b8a7d2eba4b
SHA256

b6598d86bcbd251928349d942e466e2349907189cad83060ba7b4efb14e827aa
SHA512

a58e396aeef417471d2f8e1ffdc9ead0af11efc4a248e534d706da9019da3af38ccd8257eca47fa1b983ff83dffcd179cd9c3fc820eaf63b2e7d72a6fa2b11eb
SSDEEP

3072:g+S/J+rUNKg8p3RBpl/r4g2pRbSU47y/G6YCmoAVihptEUIWXBJpTcFITaR:Ag4Ug8BNl/r5yPulihptJpre

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bdfae1525133ec6a68dea1c5bd14cc0N.exe

Files

2bdfae1525133ec6a68dea1c5bd14cc0N.exe
.dll windows:10 windows x86 arch:x86

adfa4ceb475544ed7a3c0fb8598bd5ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

olesvr32.pdb

Imports

msvcrt

_vsnwprintf
??3@YAXPAX@Z
_purecall
_errno
wcsncmp
memcpy
memcmp
memmove
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
_initterm
malloc
free
_amsg_exit
_XcptFilter
memset

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
lstrcmpA
GetCurrentThreadId
VirtualQuery
SetThreadStackGuarantee
GetSystemInfo
VirtualAlloc
VirtualProtect
IsDebuggerPresent
IsWow64Process
DebugBreak
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
ReleaseSRWLockShared
SetThreadpoolTimer
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitOnceComplete
GetCurrentThread
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
lstrcmpiA
GlobalSize
GlobalGetAtomNameA
GlobalUnlock
GlobalFindAtomA
GlobalLock
GlobalFree
GlobalAlloc
GlobalAddAtomA
Sleep
GetLastError
FormatMessageW
ReleaseMutex
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
InitializeCriticalSectionEx
LeaveCriticalSection
GlobalDeleteAtom
LocalUnlock
LocalFree
LocalAlloc
LocalLock
GetModuleHandleExW
ReleaseSemaphore
EnterCriticalSection
GetModuleFileNameA
InitOnceBeginInitialize
CreateSemaphoreExW
HeapFree
SetLastError

advapi32

SetThreadToken
RegOpenKeyExA
EventUnregister
OpenThreadToken
OpenProcessToken
RegOpenUserClassesRoot
EventSetInformation
EventRegister
RegQueryValueExA
EventWriteTransfer
RegCloseKey

user32

GetParent
GetWindowLongA
SetTimer
PostMessageA
UnpackDDElParam
PackDDElParam
SendMessageA
CreateWindowExA
DefWindowProcA
EnumPropsA
SetWindowLongA
IsWindow
RegisterClassA
RegisterClipboardFormatA
GetWindowThreadProcessId
SetPropA
GetClassNameA
KillTimer
GetDesktopWindow
RemovePropA
GetPropA
SetWindowWord
EnumChildWindows
FreeDDElParam
DestroyWindow
GetWindow

gdi32

CopyMetaFileA
CreateBitmap
GetBitmapBits
DeleteEnhMetaFile
DeleteObject
DeleteMetaFile
GetObjectA
SetBitmapBits
CopyEnhMetaFileA

ntdll

EtwTraceMessage

Exports

Exports

DeleteClientInfo
DocWndProc
EnumForTerminate
FindItemWnd
ItemCallBack
ItemWndProc
OleBlockServer
OleQueryServerVersion
OleRegisterServer
OleRegisterServerDoc
OleRenameServerDoc
OleRevertServerDoc
OleRevokeObject
OleRevokeServer
OleRevokeServerDoc
OleSavedServerDoc
OleUnblockServer
SendDataMsg
SendRenameMsg
SrvrWndProc
TerminateClients
TerminateDocClients
WEP

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adfa4ceb475544ed7a3c0fb8598bd5ce

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

user32

gdi32

ntdll

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 143KB - Virtual size: 142KB

.text
Size: 46KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 143KB - Virtual size: 142KB