4c64dde89a89c3765cf4350e39d9f400N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4c64dde89a89c3765cf4350e39d9f400N.exe
Size

1.7MB
MD5

4c64dde89a89c3765cf4350e39d9f400
SHA1

ab1a5f08c6766cad69a5d08bc890850a4c08d767
SHA256

e2e2de93d68d0c04601629880df3e1712d9cee25529e4c33c30869f46c6342c1
SHA512

8c21d7ad057b2607b869fd1476a6f9ae73897b4e1c01237894d7664c09c9e1fcdc31ff37dd9c4af4666808d6dcb60b80833bac5ee0269f2bde7ddc36f17804c5
SSDEEP

49152:278lEwLD0k6sCwNlwfIuPqblWE9vy0X+:27uohcoVqFy0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c64dde89a89c3765cf4350e39d9f400N.exe

Files

4c64dde89a89c3765cf4350e39d9f400N.exe
.dll windows:5 windows x86 arch:x86

d895d199de4b4a601046c95cd57872fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wintrust

CryptCATAdminAcquireContext
CryptCATEnumerateAttr
CryptCATAdminAddCatalog

rasapi32

RasSetEapUserDataW
RasGetCredentialsW
RasGetSubEntryHandleA

mprapi

MprInfoBlockRemove

winspool.drv

AddPrinterDriverW
DeletePrinterDriverExW
EndDocPrinter

advapi32

SetNamedSecurityInfoW
CryptDuplicateHash
RegCloseKey
RegEnumKeyExA
StartServiceCtrlDispatcherA
CryptSignHashA

secur32

EncryptMessage
QuerySecurityPackageInfoA

msvcrt

wcscoll
strspn

rpcrt4

NdrAsyncClientCall
NdrOleAllocate
UuidToStringA
NdrSimpleTypeMarshall
RpcServerUseProtseqEpA

urlmon

IsValidURL

netapi32

NetUserModalsGet

winscard

SCardGetCardTypeProviderNameA
SCardListReadersW

lz32

GetExpandedNameW

shell32

FindExecutableA
SHLoadInProc
ExtractIconExW
ExtractIconA
ExtractAssociatedIconW
ExtractIconExA
SHGetSpecialFolderLocation

kernel32

GetExitCodeProcess
WaitForSingleObjectEx
LeaveCriticalSection
DeleteCriticalSection
HeapSize
QueryPerformanceCounter
Process32FirstW
OpenSemaphoreW
VirtualAlloc
WaitForSingleObject
SetEvent
SetStdHandle
OutputDebugStringA
GetUserDefaultLCID
LoadLibraryW

oleaut32

GetErrorInfo
SafeArrayCreate

ws2_32

select

msacm32

acmDriverClose

wininet

InternetGetCookieA

comdlg32

ChooseColorW

user32

EndMenu
SetWindowsHookW
UpdateWindow
CreateIcon
SetPropW
BlockInput
GetDlgItem
DrawStateW
PostQuitMessage
LoadCursorFromFileA
ShowWindow

winmm

timeGetDevCaps
waveInGetID

gdi32

GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
GetWinMetaFileBits
GetPath
GetObjectA

ole32

RevokeDragDrop
CreateDataCache

comctl32

CreateStatusWindowW
ImageList_LoadImageW

setupapi

SetupDiEnumDeviceInfo

Exports

Exports

FymaNptrxehutsqrn

Sections

.text
Size: 948KB - Virtual size: 944KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.erloc
Size: 508KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d895d199de4b4a601046c95cd57872fc

Headers

File Characteristics

Imports

wintrust

rasapi32

mprapi

winspool.drv

advapi32

secur32

msvcrt

rpcrt4

urlmon

netapi32

winscard

lz32

shell32

kernel32

oleaut32

ws2_32

msacm32

wininet

comdlg32

user32

winmm

gdi32

ole32

comctl32

setupapi

Exports

Exports

Sections

.text Size: 948KB - Virtual size: 944KB

.erloc Size: 508KB - Virtual size: 505KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 180KB - Virtual size: 182KB

.rdata Size: 4KB - Virtual size: 952B

.reloc Size: 68KB - Virtual size: 66KB

.text
Size: 948KB - Virtual size: 944KB

.erloc
Size: 508KB - Virtual size: 505KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 180KB - Virtual size: 182KB

.rdata
Size: 4KB - Virtual size: 952B

.reloc
Size: 68KB - Virtual size: 66KB