4c264f11ee743a1529c1adc7df97081f0740d3e22a87b3004b060fe645036663[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4c264f11ee743a1529c1adc7df97081f0740d3e22a87b3004b060fe645036663.exe
Size

706KB
MD5

1a397c299594594389c2f1739fb9b163
SHA1

459e3dd065a7e7cac517a3de02cbe1e0de9158f9
SHA256

4c264f11ee743a1529c1adc7df97081f0740d3e22a87b3004b060fe645036663
SHA512

069f3f954433c74da9cebccd40e40bfb79c6225268aa1add6146fd3c139431dbcb741cf8708183da6b58149c673c309c2df8cd68c0f9fd71954458dc754507c4
SSDEEP

12288:sh3rELUPoGAiiBDHtAggOnN3Fn39sQaWE0jas4Pzkqj9Jv4GC1RtKt8jlaIDGjo:shxcN9sSa/zkqj9JIa8jlHkoB6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c264f11ee743a1529c1adc7df97081f0740d3e22a87b3004b060fe645036663.exe

Files

4c264f11ee743a1529c1adc7df97081f0740d3e22a87b3004b060fe645036663.exe
.exe windows:6 windows x86 arch:x86

36218d8b905362c7cc11ea6de48b5116

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Lenovo\Desktop\AID\Project1\Release\Project1.pdb

Imports

ws2_32

WSACloseEvent
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
send

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

wldap32

ord217
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143

normaliz

IdnToAscii

kernel32

GetConsoleOutputCP
ReadConsoleW
GetDateFormatW
GetCommandLineW
GetCommandLineA
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
DeleteFileW
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
GetCurrentDirectoryW
GetConsoleMode
GetFullPathNameW
WriteFile
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
GetModuleHandleExW
SetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
HeapFree
CreateMutexW
InitializeCriticalSectionEx
WaitForSingleObject
HeapSize
Sleep
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
SetLastError
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
CloseHandle
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
WriteConsoleW
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
SetEndOfFile
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
ExitProcess
GetFileType
GetCurrentProcessId
GetStartupInfoW
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteW

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36218d8b905362c7cc11ea6de48b5116

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

crypt32

wldap32

normaliz

kernel32

advapi32

shell32

Sections

.text Size: 557KB - Virtual size: 557KB

.rdata Size: 119KB - Virtual size: 118KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 557KB - Virtual size: 557KB

.rdata
Size: 119KB - Virtual size: 118KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 23KB - Virtual size: 23KB