927f8b39ebca2896fbe8549b9a842efe81e04c3966f87751042cc1fc1f96960e[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

927f8b39ebca2896fbe8549b9a842efe81e04c3966f87751042cc1fc1f96960e.exe
Size

141KB
MD5

63d9a96c6a9a7cd4fa90c38af8e6b0b3
SHA1

1a947c6e3733add326238dfb075fda4deae867af
SHA256

927f8b39ebca2896fbe8549b9a842efe81e04c3966f87751042cc1fc1f96960e
SHA512

61b6210408015ccf0eb2ab2ce69d70716b98d0121f964bd288da4368d43d5dc9f78eeb84b92f212cffc3ee3b603edfc67962ef1026d8579c1a51eb4dc5ab0e58
SSDEEP

3072:okKdJiJN5pSIagpMV6SYytFpwKuzu085Bc:oLi5SIJpMV6SE85K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
927f8b39ebca2896fbe8549b9a842efe81e04c3966f87751042cc1fc1f96960e.exe

Files

927f8b39ebca2896fbe8549b9a842efe81e04c3966f87751042cc1fc1f96960e.exe
.exe windows:6 windows x64 arch:x64

1f6840d1a399c345fb25014e3a09eb17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ieUnAtt.pdb

Imports

advapi32

RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
EqualSid
GetTokenInformation
OpenThreadToken
OpenProcessToken
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
GetLengthSid

kernel32

HeapSize
DeviceIoControl
GetVolumeInformationW
SetFileAttributesW
GetDiskFreeSpaceExW
GetVersionExA
DuplicateHandle
GetShortPathNameW
OpenEventW
HeapWalk
GetDiskFreeSpaceW
GlobalFree
GetComputerNameExW
VirtualAlloc
GlobalUnlock
GetOverlappedResult
CreateProcessA
HeapValidate
GetExitCodeProcess
HeapCreate
HeapDestroy
GetVersionExW
GetLocaleInfoW
GlobalAlloc
OpenProcess
SetFileTime
GetPrivateProfileStringW
VirtualFree
GetLogicalDrives
GlobalLock
GlobalSize
GetLogicalDriveStringsW
MoveFileExW
LocalFree
lstrcmpiW
GetLastError
WritePrivateProfileStringW
GetCommandLineW
GetFileType
Sleep
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
LocalAlloc
ExpandEnvironmentStringsW
ExitProcess
GetTempFileNameW
HeapReAlloc
GetFileSize
TlsGetValue
MapViewOfFile
UnmapViewOfFile
VirtualQuery
HeapAlloc
HeapFree
GetProcessHeap
GetWindowsDirectoryA
InitializeCriticalSection
TlsSetValue
FormatMessageW
LeaveCriticalSection
GetFileAttributesW
GetTempPathW
RaiseException
SetLastError
EnterCriticalSection
GetLocalTime
CreateFileMappingW
DeleteCriticalSection
TlsAlloc
GetWindowsDirectoryW
TlsFree
CreateDirectoryW
GetModuleFileNameW
GetModuleFileNameA
DebugBreak
CloseHandle
CreateFileA
CreateMutexW
SetFilePointer
FreeLibrary
WaitForSingleObject
GetCurrentThread
ExpandEnvironmentStringsA
WriteFile
CreateFileW
GetProcAddress
CreateFileMappingA
GetSystemInfo
LoadLibraryExA
CreateMutexA
ReleaseMutex
GetVersion
DeleteFileW
DeleteFileA
LoadLibraryExW
SetEvent
WaitForMultipleObjectsEx
ResetEvent
CreateEventW
CreateThread
FlushFileBuffers
FindFirstFileW
ReadFile
FindClose
RemoveDirectoryW
FindNextFileW
GetFileSizeEx
WideCharToMultiByte
MultiByteToWideChar
IsDebuggerPresent
OutputDebugStringA
GetFullPathNameW
GlobalMemoryStatus
HeapCompact
CopyFileExW
GetDriveTypeW
SetEndOfFile
SetErrorMode
CreateProcessW

msvcrt

__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
wcsrchr
_vsnprintf
_onexit
_wcsicmp
towlower
free
wcschr
memcpy
_wtoi
iswctype
feof
_wfopen
fgetws
swscanf_s
wcstok_s
fclose
rand_s
iswalpha
??1type_info@@UEAA@XZ
__CxxFrameHandler3
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
wcsncmp
_itow_s
_wcsnicmp
??2@YAPEAX_K@Z
iswspace
??3@YAXPEAX@Z
_vsnwprintf
memset

ole32

CoCreateGuid
StringFromGUID2

shell32

ord165
SHGetFolderPathW
CommandLineToArgvW

shlwapi

ord158
StrCmpW
StrChrW

user32

UnregisterClassA
LoadStringW

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime

Exports

Exports

??0?$CDynamicArray@EPEAE@@QEAA@_K@Z
??0?$CDynamicArray@EPEAUSKey@@@@QEAA@_K@Z
??0?$CDynamicArray@EPEAUSValue@@@@QEAA@_K@Z
??0?$CDynamicArray@GPEAG@@QEAA@_K@Z
??0?$CDynamicArray@PEAUSEnumBinContext@@PEAPEAU1@@@QEAA@_K@Z
??0?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PEAU12@@@QEAA@_K@Z
??0?$CDynamicArray@_KPEA_K@@QEAA@_K@Z
??1?$CDynamicArray@EPEAE@@QEAA@XZ
??1?$CDynamicArray@EPEAUSKey@@@@QEAA@XZ
??1?$CDynamicArray@EPEAUSValue@@@@QEAA@XZ
??1?$CDynamicArray@GPEAG@@QEAA@XZ
??1?$CDynamicArray@PEAUSEnumBinContext@@PEAPEAU1@@@QEAA@XZ
??1?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PEAU12@@@QEAA@XZ
??1?$CDynamicArray@_KPEA_K@@QEAA@XZ
??4?$CDynamicArray@EPEAE@@QEAAAEAV0@AEBV0@@Z
??4?$CDynamicArray@EPEAUSKey@@@@QEAAAEAV0@AEBV0@@Z
??4?$CDynamicArray@EPEAUSValue@@@@QEAAAEAV0@AEBV0@@Z
??4?$CDynamicArray@GPEAG@@QEAAAEAV0@AEBV0@@Z
??4?$CDynamicArray@PEAUSEnumBinContext@@PEAPEAU1@@@QEAAAEAV0@AEBV0@@Z
??4?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PEAU12@@@QEAAAEAV0@AEBV0@@Z
??4?$CDynamicArray@_KPEA_K@@QEAAAEAV0@AEBV0@@Z
??A?$CDynamicArray@PEAUSEnumBinContext@@PEAPEAU1@@@QEAAAEAPEAUSEnumBinContext@@_K@Z
??A?$CDynamicArray@_KPEA_K@@QEAAAEA_K_K@Z
??B?$CDynamicArray@EPEAUSKey@@@@QEBAPEAUSKey@@XZ
??B?$CDynamicArray@EPEAUSValue@@@@QEBAPEAUSValue@@XZ
??B?$CDynamicArray@GPEAG@@QEBAPEAGXZ
??C?$CDynamicArray@EPEAUSKey@@@@QEBAPEAUSKey@@XZ
??C?$CDynamicArray@EPEAUSValue@@@@QEBAPEAUSValue@@XZ
??_F?$CDynamicArray@EPEAE@@QEAAXXZ
??_F?$CDynamicArray@EPEAUSKey@@@@QEAAXXZ
??_F?$CDynamicArray@EPEAUSValue@@@@QEAAXXZ
??_F?$CDynamicArray@GPEAG@@QEAAXXZ
??_F?$CDynamicArray@PEAUSEnumBinContext@@PEAPEAU1@@@QEAAXXZ
??_F?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PEAU12@@@QEAAXXZ
??_F?$CDynamicArray@_KPEA_K@@QEAAXXZ
?Add@?$CDynamicArray@PEAUSEnumBinContext@@PEAPEAU1@@@QEAAHAEAPEAUSEnumBinContext@@@Z
?Add@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PEAU12@@@QEAAHAEAUSKeeperEntry@CBlackboardFactory@@@Z
?Add@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PEAU12@@@QEAAHAEAUSKeeperEntry@CBlackboardFactory@@AEA_K@Z
?Add@?$CDynamicArray@_KPEA_K@@QEAAHAEA_K@Z
?ElementAt@?$CDynamicArray@GPEAG@@QEAAAEAG_K@Z
?ElementAt@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PEAU12@@@QEAAAEAUSKeeperEntry@CBlackboardFactory@@_K@Z
?GetBuffer@?$CDynamicArray@EPEAE@@QEAAPEAE_K@Z
?GetBuffer@?$CDynamicArray@EPEAUSValue@@@@QEAAPEAUSValue@@_K@Z
?GetBuffer@?$CDynamicArray@GPEAG@@QEAAPEAG_K@Z
?GetSize@?$CDynamicArray@EPEAE@@QEBA_KXZ
?GetSize@?$CDynamicArray@GPEAG@@QEBA_KXZ
?GetSize@?$CDynamicArray@PEAUSEnumBinContext@@PEAPEAU1@@@QEBA_KXZ
?GetSize@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PEAU12@@@QEBA_KXZ
?GetSize@?$CDynamicArray@_KPEA_K@@QEBA_KXZ
?Init@?$CDynamicArray@EPEAE@@IEAAX_K@Z
?Init@?$CDynamicArray@EPEAUSKey@@@@IEAAX_K@Z
?Init@?$CDynamicArray@EPEAUSValue@@@@IEAAX_K@Z
?Init@?$CDynamicArray@GPEAG@@IEAAX_K@Z
?Init@?$CDynamicArray@PEAUSEnumBinContext@@PEAPEAU1@@@IEAAX_K@Z
?Init@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PEAU12@@@IEAAX_K@Z
?Init@?$CDynamicArray@_KPEA_K@@IEAAX_K@Z
?RemoveAll@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PEAU12@@@QEAAXXZ
?RemoveAll@?$CDynamicArray@_KPEA_K@@QEAAXXZ
?RemoveItemFromTail@?$CDynamicArray@PEAUSEnumBinContext@@PEAPEAU1@@@QEAAXXZ
?SetSize@?$CDynamicArray@EPEAE@@QEAAH_K@Z
?SetSize@?$CDynamicArray@EPEAUSKey@@@@QEAAH_K@Z
?SetSize@?$CDynamicArray@EPEAUSValue@@@@QEAAH_K@Z
?SetSize@?$CDynamicArray@GPEAG@@QEAAH_K@Z
?SetSize@?$CDynamicArray@PEAUSEnumBinContext@@PEAPEAU1@@@QEAAH_K@Z
?SetSize@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PEAU12@@@QEAAH_K@Z
?SetSize@?$CDynamicArray@_KPEA_K@@QEAAH_K@Z

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f6840d1a399c345fb25014e3a09eb17

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ole32

shell32

shlwapi

user32

ntdll

oleaut32

Exports

Exports

Sections

.text Size: 111KB - Virtual size: 110KB

.data Size: 14KB - Virtual size: 18KB

.pdata Size: 3KB - Virtual size: 3KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 111KB - Virtual size: 110KB

.data
Size: 14KB - Virtual size: 18KB

.pdata
Size: 3KB - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB