784919d2aa093e2185bed4341b141160N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

784919d2aa093e2185bed4341b141160N.exe
Size

1.7MB
MD5

784919d2aa093e2185bed4341b141160
SHA1

0e13aab2fce249f20eb00fc4874a8491af665601
SHA256

8282e4f8974edb804d7d881f4fafb4259526abf3978554900963510686233226
SHA512

533b3c7fdb51bf46dff7ba2a0303cce3dd025abf39e97cc75a815593320661467b09d45b8bd45ec37f3b1a0937d3156a6af515862f8e6265e880b3c0cc1d356f
SSDEEP

49152:g78lEwLD0k6sCwNlwpIuPqblWE9vy0XRk:g7uohco7qFy0W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
784919d2aa093e2185bed4341b141160N.exe

Files

784919d2aa093e2185bed4341b141160N.exe
.dll windows:5 windows x86 arch:x86

d895d199de4b4a601046c95cd57872fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wintrust

CryptCATAdminAcquireContext
CryptCATEnumerateAttr
CryptCATAdminAddCatalog

rasapi32

RasSetEapUserDataW
RasGetCredentialsW
RasGetSubEntryHandleA

mprapi

MprInfoBlockRemove

winspool.drv

AddPrinterDriverW
DeletePrinterDriverExW
EndDocPrinter

advapi32

SetNamedSecurityInfoW
CryptDuplicateHash
RegCloseKey
RegEnumKeyExA
StartServiceCtrlDispatcherA
CryptSignHashA

secur32

EncryptMessage
QuerySecurityPackageInfoA

msvcrt

wcscoll
strspn

rpcrt4

NdrAsyncClientCall
NdrOleAllocate
UuidToStringA
NdrSimpleTypeMarshall
RpcServerUseProtseqEpA

urlmon

IsValidURL

netapi32

NetUserModalsGet

winscard

SCardGetCardTypeProviderNameA
SCardListReadersW

lz32

GetExpandedNameW

shell32

FindExecutableA
SHLoadInProc
ExtractIconExW
ExtractIconA
ExtractAssociatedIconW
ExtractIconExA
SHGetSpecialFolderLocation

kernel32

GetExitCodeProcess
WaitForSingleObjectEx
LeaveCriticalSection
DeleteCriticalSection
HeapSize
QueryPerformanceCounter
Process32FirstW
OpenSemaphoreW
VirtualAlloc
WaitForSingleObject
SetEvent
SetStdHandle
OutputDebugStringA
GetUserDefaultLCID
LoadLibraryW

oleaut32

GetErrorInfo
SafeArrayCreate

ws2_32

select

msacm32

acmDriverClose

wininet

InternetGetCookieA

comdlg32

ChooseColorW

user32

EndMenu
SetWindowsHookW
UpdateWindow
CreateIcon
SetPropW
BlockInput
GetDlgItem
DrawStateW
PostQuitMessage
LoadCursorFromFileA
ShowWindow

winmm

timeGetDevCaps
waveInGetID

gdi32

GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
GetWinMetaFileBits
GetPath
GetObjectA

ole32

RevokeDragDrop
CreateDataCache

comctl32

CreateStatusWindowW
ImageList_LoadImageW

setupapi

SetupDiEnumDeviceInfo

Exports

Exports

FymaNptrxehutsqrn

Sections

.text
Size: 948KB - Virtual size: 944KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.erloc
Size: 508KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d895d199de4b4a601046c95cd57872fc

Headers

File Characteristics

Imports

wintrust

rasapi32

mprapi

winspool.drv

advapi32

secur32

msvcrt

rpcrt4

urlmon

netapi32

winscard

lz32

shell32

kernel32

oleaut32

ws2_32

msacm32

wininet

comdlg32

user32

winmm

gdi32

ole32

comctl32

setupapi

Exports

Exports

Sections

.text Size: 948KB - Virtual size: 944KB

.erloc Size: 508KB - Virtual size: 505KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 180KB - Virtual size: 182KB

.rdata Size: 4KB - Virtual size: 952B

.reloc Size: 68KB - Virtual size: 66KB

.text
Size: 948KB - Virtual size: 944KB

.erloc
Size: 508KB - Virtual size: 505KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 180KB - Virtual size: 182KB

.rdata
Size: 4KB - Virtual size: 952B

.reloc
Size: 68KB - Virtual size: 66KB