97ba3ececc61db1f52615c3e6ca180a0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

97ba3ececc61db1f52615c3e6ca180a0N.exe
Size

1.9MB
MD5

97ba3ececc61db1f52615c3e6ca180a0
SHA1

193061c32c89f30f18fc83763a0706146b218b28
SHA256

1bbbdb7845305f3076c29338c6c40ea183dc1767b49480fff6001c593f216d15
SHA512

9e300bce1503d7fb732ece2d82d61699fd575c66b3eedc1ec92911bcb5dd7db35537d8d8c17adcab3db8057c0ceb5711167961173b0277e12bdbbbf9a49f1000
SSDEEP

24576:FWu79SKwFLt/cFabsjjemADmJW9Gp8AxvGKWjBWIEIzdKzBGcfUyFOB5YZ5BIYEu:FP77wFZxOQQ84uvjBWIEXsaUyLq1TBa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97ba3ececc61db1f52615c3e6ca180a0N.exe

Files

97ba3ececc61db1f52615c3e6ca180a0N.exe
.dll windows:5 windows x86 arch:x86

480de170fba966f1c739bfa384c333c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveInClose
waveInOpen

comdlg32

FindTextW

ws2_32

select

msvcrt

strspn
wcscoll

wininet

InternetErrorDlg

netapi32

NetGetAnyDCName

winspool.drv

FreePrinterNotifyInfo
EndDocPrinter
DeletePrinterDriverExW

mprapi

MprInfoBlockRemove

urlmon

IsValidURL

secur32

MakeSignature
QuerySecurityPackageInfoA

winscard

SCardGetCardTypeProviderNameA
SCardListReadersW

shell32

ExtractAssociatedIconExW
FindExecutableA
SHGetSpecialFolderLocation
SHAddToRecentDocs
SHLoadInProc
ShellExecuteExW
SHCreateDirectoryExW

rpcrt4

RpcAsyncCancelCall
NdrOleFree
NdrAsyncClientCall
RpcEpUnregister
RpcBindingFromStringBindingA
NdrInterfacePointerUnmarshall

gdi32

PlayEnhMetaFile
GetTextFaceA
GetPath
GetWinMetaFileBits
GetKerningPairsW

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATOpen

ole32

RevokeDragDrop
PropVariantClear

setupapi

SetupDiEnumDeviceInfo

user32

ChangeMenuW
RegisterHotKey
CloseWindowStation
ShowWindow
RegisterClassExA
SetMenuItemInfoA
SetWindowsHookA
BlockInput
PostQuitMessage
SetPropW
SetActiveWindow
UpdateWindow

msacm32

acmFormatTagEnumW

comctl32

ImageList_LoadImageW
ImageList_AddMasked

lz32

GetExpandedNameW

oleaut32

GetErrorInfo

kernel32

CompareStringW
SetEvent
SetStdHandle
VirtualAlloc
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringA
GetUserDefaultLCID
LoadLibraryW
WaitForSingleObject
GetExitCodeProcess
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
Process32FirstW

shlwapi

StrChrA

advapi32

RegCloseKey
CryptSignHashA
SetSecurityInfo
SetNamedSecurityInfoW
GetTokenInformation
NotifyBootConfigStatus

rasapi32

RasSetEapUserDataW
RasGetSubEntryHandleA
RasGetConnectionStatistics

Exports

Exports

FymaNptrxehutsqrn

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.erloc
Size: 588KB - Virtual size: 585KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

480de170fba966f1c739bfa384c333c9

Headers

File Characteristics

Imports

winmm

comdlg32

ws2_32

msvcrt

wininet

netapi32

winspool.drv

mprapi

urlmon

secur32

winscard

shell32

rpcrt4

gdi32

wintrust

ole32

setupapi

user32

msacm32

comctl32

lz32

oleaut32

kernel32

shlwapi

advapi32

rasapi32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.erloc Size: 588KB - Virtual size: 585KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 144KB - Virtual size: 140KB

.rdata Size: 4KB - Virtual size: 952B

.reloc Size: 56KB - Virtual size: 53KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.erloc
Size: 588KB - Virtual size: 585KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 144KB - Virtual size: 140KB

.rdata
Size: 4KB - Virtual size: 952B

.reloc
Size: 56KB - Virtual size: 53KB