46bd47ac19372d106adc0baaca5586e0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

46bd47ac19372d106adc0baaca5586e0N.exe
Size

276KB
MD5

46bd47ac19372d106adc0baaca5586e0
SHA1

e25d6f04bd7d80fa92833cce69412fe0bb4531a6
SHA256

e1a2593930db8e75976eccf2a435ff70e62efc51561692afb62f4561adab2353
SHA512

379c1863604ad259f865f03c9878be90f40e83d78f9f064b9468e8d653914196de4b3f191dcf6fa97b93ac26961dd056c2628b192092e123033c2bd35b7da462
SSDEEP

6144:S2GS+aC0rY4knoxbWbG6jPZ/RtgpaIQc0ACyA:HGS+anrfknoxbWbG6jPZkamrA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46bd47ac19372d106adc0baaca5586e0N.exe

Files

46bd47ac19372d106adc0baaca5586e0N.exe
.exe windows:10 windows x86 arch:x86

9703ae33b2923ce0dd0212619f962e0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AudioDG.pdb

Imports

msvcrt

_ftol2
memcmp
_CxxThrowException
_unlock
_lock
wcstoul
?terminate@@YAXXZ
_except_handler4_common
__dllonexit
_wcmdln
_onexit
_initterm
??1type_info@@UAE@XZ
__p__fmode
_cexit
_exit
wcsncpy_s
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memset
__CxxFrameHandler3
_callnewh
_vsnwprintf
memcpy_s
_wcsicmp
memmove_s
_resetstkoflw
malloc
_purecall
_errno
free
realloc
__setusermatherr
_controlfp
memcpy

api-ms-win-core-processenvironment-l1-2-0

GetCommandLineW

api-ms-win-core-com-l1-1-1

CoTaskMemFree
CoImpersonateClient
CoRevertToSelf
CLSIDFromString
StringFromCLSID
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
PropVariantClear
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoRevokeClassObject
CoResumeClassObjects
CoRegisterClassObject

rpcrt4

RpcServerRegisterIf3
I_RpcBindingInqTransportType
RpcServerUseProtseqEpW
NdrServerCall2
RpcRevertToSelf
I_RpcBindingInqLocalClientPID
RpcImpersonateClient
RpcServerUnregisterIfEx

api-ms-win-core-synch-l1-2-0

LeaveCriticalSection
ResetEvent
DeleteCriticalSection
EnterCriticalSection
InitOnceBeginInitialize
WaitForSingleObject
Sleep
InitializeCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateEventW
SetEvent
InitOnceExecuteOnce

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameW
FreeLibrary
GetModuleHandleA
LockResource
SizeofResource
LoadResource
FindResourceExW
LoadLibraryExW
GetModuleHandleW

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
CreateThread
GetCurrentProcessId
GetThreadId
GetCurrentProcess
OpenProcess
GetProcessId
GetStartupInfoW
TerminateProcess

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

GetHandleInformation
DuplicateHandle
CloseHandle

api-ms-win-security-base-l1-2-0

MakeAbsoluteSD

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegGetValueW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-heap-l1-2-0

HeapFree
HeapSize
HeapReAlloc
HeapDestroy
HeapAlloc
HeapSetInformation
GetProcessHeap

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetLogicalProcessorInformationEx
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-memory-l1-1-2

GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx
UnmapViewOfFile
MapViewOfFile
VirtualLock
CreateFileMappingW
VirtualUnlock

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

ntdll

NtQueryInformationProcess
EtwLogTraceEvent
NtSetInformationProcess
NtSetInformationThread
RtlPublishWnfStateData
NtQuerySystemInformation
NtSetSystemInformation
EtwEventWrite
EtwEventWriteTransfer
EtwGetTraceLoggerHandle
NtDeleteWnfStateName
EtwUnregisterTraceGuids
NtCreateWnfStateName
EtwEventUnregister
EtwRegisterTraceGuidsW
EtwTraceMessage
EtwEventRegister
RtlExtendMemoryBlockLookaside
RtlFreeMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
RtlLockMemoryZone
RtlAllocateMemoryZone
RtlNtStatusToDosError
RtlCreateMemoryZone
RtlAllocateMemoryBlockLookaside
RtlUnlockMemoryZone
RtlDestroyMemoryBlockLookaside
RtlDestroyMemoryZone
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
AlpcGetMessageAttribute
NtAlpcCreatePort
NtAlpcOpenSenderProcess
RtlRandomEx
NtClose
NtAlpcSendWaitReceivePort
NtAlpcAcceptConnectPort
NtAlpcConnectPort
RtlInitUnicodeStringEx
AlpcInitializeMessageAttribute
ShipAssertMsgW
EtwEventSetInformation
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
ShipAssert
WinSqmIncrementDWORD

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

mmdevapi

ord8
ord2
ord9

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
TraceEvent

api-ms-win-eventing-provider-l1-1-0

EventWrite

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CODE
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9703ae33b2923ce0dd0212619f962e0b

Headers

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-com-l1-1-1

rpcrt4

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-memory-l1-1-2

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-debug-l1-1-1

ntdll

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

mmdevapi

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-delayload-l1-1-1

Sections

.text Size: 246KB - Virtual size: 245KB

RT_CODE Size: 1024B - Virtual size: 784B

RT_BSS Size: - Virtual size: 40B

.data Size: 1024B - Virtual size: 2KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 512B - Virtual size: 40B

RT_DATA Size: 512B - Virtual size: 176B

RT_CONST Size: 512B - Virtual size: 480B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 246KB - Virtual size: 245KB

RT_CODE
Size: 1024B - Virtual size: 784B

RT_BSS
Size: - Virtual size: 40B

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 512B - Virtual size: 40B

RT_DATA
Size: 512B - Virtual size: 176B

RT_CONST
Size: 512B - Virtual size: 480B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 16KB - Virtual size: 15KB