4d77abcd3071c50415bbf6264254e9f0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4d77abcd3071c50415bbf6264254e9f0N.exe
Size

815KB
MD5

4d77abcd3071c50415bbf6264254e9f0
SHA1

402b56fdbf0390fb25a5d8e0e20e111cac163083
SHA256

cea9850e60a71e29e607bc51ed1ea0ecd009de04f0da595babcf96659e14cdcb
SHA512

c60b0fffbbfb3a2521da87ae9adadbd11b6800617d562abd1e83c0da424037519c9120c2aa9a76742497987e47a7f2b98ae7da7c6404ff3aa846be3a09af3a03
SSDEEP

12288:Qz3jeGHN+rdIgyD/r75w3MoaNDHQDFvGzd1wnpnw5qwPHbZHbSrZsy8Q:QTN+rd8DzWXtpGzd1wnpnlw9H29sQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d77abcd3071c50415bbf6264254e9f0N.exe

Files

4d77abcd3071c50415bbf6264254e9f0N.exe
.dll windows:6 windows x86 arch:x86

fea86ef2e60720964b28275c9f48d29a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
GetLastError
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
SetThreadContext
OpenThread
GetTickCount
CreateThread
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent

user32

FindWindowA
GetKeyState
GetAsyncKeyState

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?copyfmt@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEAAV12@ABV12@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?good@ios_base@std@@QBE_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?_Xbad_function_call@std@@YAXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?fail@ios_base@std@@QBE_NXZ
?eof@ios_base@std@@QBE_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?id@?$ctype@D@std@@2V0locale@2@A
??Bios_base@std@@QBE_NXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
_Query_perf_frequency
_Query_perf_counter
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcp140_atomic_wait

__std_create_threadpool_work
__std_bulk_submit_threadpool_work
__std_parallel_algorithms_hw_threads
__std_close_threadpool_work
__std_wait_for_threadpool_work_callbacks

vcruntime140

memchr
__std_exception_copy
__std_terminate
__std_type_info_destroy_list
__std_exception_destroy
__CxxFrameHandler3
_except_handler4_common
memmove
_CxxThrowException
__current_exception_context
strstr
__current_exception
memcpy
_purecall
memset

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_cexit
_configure_narrow_argv
_initterm_e
_crt_atexit
_execute_onexit_table
_errno
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fgetc
fclose
fflush
fputc
_get_stream_buffer_pointers
__stdio_common_vsprintf

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-time-l1-1-0

_localtime64
_time64

api-ms-win-crt-convert-l1-1-0

_wtof
atoi
strtoll
strtol
_wtoi
strtod
strtoul
atof
strtoull

api-ms-win-crt-math-l1-1-0

roundf
ceil
_fdclass
fminf
_dclass
__libm_sse2_sin
__libm_sse2_expf
__libm_sse2_cosf
_CIfmod
round
_dsign
__libm_sse2_sinf

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-string-l1-1-0

isdigit
toupper
isxdigit
tolower

Sections

.text
Size: 623KB - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fea86ef2e60720964b28275c9f48d29a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

msvcp140_atomic_wait

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 623KB - Virtual size: 622KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 73KB - Virtual size: 276KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 56KB - Virtual size: 56KB

.text
Size: 623KB - Virtual size: 622KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 73KB - Virtual size: 276KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 56KB - Virtual size: 56KB