50fdd3fbada44c3bd1d7c0a3ebb8de90N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

50fdd3fbada44c3bd1d7c0a3ebb8de90N.exe
Size

260KB
MD5

50fdd3fbada44c3bd1d7c0a3ebb8de90
SHA1

a96b7617b0aabf332509852d65d164470e56933a
SHA256

d745288e79fc801e4051d81c8ae430357790ae42998a7ea347cee94fb173723f
SHA512

2b6bb09673330e49fa5bf5373bf4b20e44d31c52998d79254f3ab37c1018227646c3a6a2061b95a3d3bf7ae8d337ae1dea0694b35359d31aeec877bf4b7c4381
SSDEEP

3072:6yCjTGQAUxLaCmyDFs3JNy46KoiMzQ+QM/vos:6ymGQAUxOC/DFs3JNy46K4XR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50fdd3fbada44c3bd1d7c0a3ebb8de90N.exe

Files

50fdd3fbada44c3bd1d7c0a3ebb8de90N.exe
.dll windows:4 windows x86 arch:x86

38a2761671c13a40aaceff8040e961a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpW
LocalFree
FormatMessageW
GetLastError
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
lstrcpyW
InterlockedDecrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
CloseHandle
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
Sleep
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
UnhandledExceptionFilter
IsBadCodePtr
VirtualAlloc
RtlUnwind
GetCommandLineA
GetVersion
RaiseException
DebugBreak
GetStdHandle
WriteFile
OutputDebugStringA
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
ExitProcess
TerminateProcess
GetCurrentProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
SetUnhandledExceptionFilter
SetConsoleCtrlHandler
SetFilePointer
MultiByteToWideChar
HeapAlloc
HeapReAlloc

user32

GetClassNameW
SendMessageTimeoutW
SendMessageW
CallNextHookEx
UnhookWindowsHookEx
GetWindowThreadProcessId
SetWindowsHookExW
MessageBoxW
GetWindowLongW
RegisterWindowMessageW

ole32

CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

VariantClear
VariantInit
VariantCopy
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantChangeType
SetErrorInfo
GetErrorInfo
CreateErrorInfo

Exports

Exports

?IsPasswordPage@@YGKXZ
?QueryPasswordEdit@@YGHXZ
?QueryPasswordPage@@YGHXZ
?SetHook@@YGHPAUHWND__@@0I@Z
?UnsetHook@@YGHPAUHWND__@@0@Z

Sections

.text
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38a2761671c13a40aaceff8040e961a7

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 204KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 20KB - Virtual size: 26KB

.idata Size: 4KB - Virtual size: 3KB

Shared Size: 4KB - Virtual size: 289B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 208KB - Virtual size: 204KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 20KB - Virtual size: 26KB

.idata
Size: 4KB - Virtual size: 3KB

Shared
Size: 4KB - Virtual size: 289B

.reloc
Size: 8KB - Virtual size: 7KB