5fdc853c0c2df3f9b381c7aeda7f7690N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5fdc853c0c2df3f9b381c7aeda7f7690N.exe
Size

1.9MB
MD5

5fdc853c0c2df3f9b381c7aeda7f7690
SHA1

3dcd465341fc3d80e8dc27ef882f65f1eae6e11b
SHA256

06f05c196591c3540b3e826dc8edc0d9755dfce0d894623237ac9a1afc0febc7
SHA512

9907a3600223230fc5ed757d35f9bea168825e854e1abcf1a8831a6493f506f21d386fbfa19d6bf1dc95ba21afcebf093086f83f2112499f897b37f74e06f759
SSDEEP

49152:BPLr2ea3D39iL+p9j3FvRD/x0ZHBZGL5mqvk:BLhYDNo+bhdL5mn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fdc853c0c2df3f9b381c7aeda7f7690N.exe

Files

5fdc853c0c2df3f9b381c7aeda7f7690N.exe
.dll windows:5 windows x86 arch:x86

b881671bfb060a53c831d55b6587aa76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SafeArrayCreate
SafeArrayDestroyDescriptor
SysAllocStringLen
VarI2FromI4
BstrFromVector

setupapi

SetupOpenInfFileW
SetupDiGetSelectedDevice
SetupPrepareQueueForRestoreW
CM_Get_Resource_Conflict_DetailsW
SetupQueueDeleteW
CM_Set_HW_Prof_Flags_ExW
CM_Query_Resource_Conflict_List
CM_Add_Res_Des
SetupDiDestroyDeviceInfoList
CM_Is_Dock_Station_Present
SetupInitDefaultQueueCallback

wintrust

WintrustGetDefaultForUsage

crypt32

CertGetCertificateChain
CryptVerifyMessageSignature
CertGetPublicKeyLength
CertCreateCTLContext

imm32

ImmGetCandidateListW
ImmSetCompositionStringW
ImmGetContext
ImmGetConversionStatus

rasapi32

RasHangUpW
RasGetSubEntryPropertiesW

clusapi

ClusterRegSetValue

comdlg32

PageSetupDlgA

wininet

InternetOpenA
InternetCrackUrlA
InternetTimeFromSystemTimeW
RetrieveUrlCacheEntryStreamA
PrivacyGetZonePreferenceW
InternetOpenUrlA
InternetReadFile
UnlockUrlCacheEntryFile
GetUrlCacheEntryInfoA

ntdsapi

DsFreeNameResultW

iphlpapi

SendARP
GetTcpStatistics

rpcrt4

I_RpcAsyncAbortCall
RpcServerInqDefaultPrincNameW
NdrSimpleTypeUnmarshall
RpcServerUnregisterIfEx
RpcMgmtEpEltInqDone
UuidEqual

msvcrt

iswlower
fwprintf
wcscoll
fgets
towlower

ole32

StgCreatePropStg
StgSetTimes
MonikerRelativePathTo
OleCreateEmbeddingHelper
OleRegEnumFormatEtc
OleConvertOLESTREAMToIStorage
ReadFmtUserTypeStg
StgOpenStorageOnILockBytes
PropVariantClear
SetConvertStg
CoMarshalInterface
OleCreateStaticFromData
STGMEDIUM_UserFree

urlmon

URLDownloadToCacheFileA

mprapi

MprConfigTransportGetHandle
MprAdminInterfaceSetInfo

msacm32

acmFormatTagEnumW
acmStreamOpen

opengl32

glPopAttrib

comctl32

ImageList_GetImageInfo

kernel32

GetPrivateProfileSectionA
OpenEventA
SetProcessAffinityMask
EnumSystemLocalesA
GetNativeSystemInfo
WriteConsoleOutputAttribute
GetTapeStatus
GetDefaultCommConfigA
GetTapeParameters
InterlockedFlushSList
LCMapStringA
FillConsoleOutputAttribute
GetUserDefaultLangID
SetUnhandledExceptionFilter
RaiseException
GetLastError
TerminateThread
IsBadWritePtr
GetDateFormatW
GetPrivateProfileStructW
GlobalUnlock
SetComputerNameA
GetProcessTimes
GetBinaryTypeW
GetModuleFileNameA
GetConsoleScreenBufferInfo
SetThreadPriority
ContinueDebugEvent
GetModuleFileNameW
GetStringTypeExW

user32

GetUpdateRgn
OemToCharA
CreateWindowStationA
MonitorFromWindow
GetFocus
RegisterRawInputDevices
LockWindowUpdate
RegisterDeviceNotificationA
GetSubMenu
CreateCursor
FindWindowW
SetMenu
ActivateKeyboardLayout
EqualRect
UpdateWindow
OpenClipboard
ChangeDisplaySettingsA
ClientToScreen
CreateMDIWindowA
GetMenuItemID
CountClipboardFormats
CreateDialogIndirectParamA
WindowFromDC
FreeDDElParam
ArrangeIconicWindows
DrawStateA
SetCursor

shell32

SHGetPathFromIDListA
Shell_NotifyIconA
SHGetFileInfoA
SHBrowseForFolderW
SHAppBarMessage
CommandLineToArgvW

pdh

PdhCloseLog

netapi32

NetUserDel
NetGroupSetUsers
NetUserSetInfo
NetServerDiskEnum
NetGroupAdd
NetShareDelSticky
NetApiBufferSize
NetSessionGetInfo

advapi32

GetNamedSecurityInfoW
RegisterServiceCtrlHandlerA
CryptExportKey
CryptContextAddRef
CreateProcessAsUserA
RegConnectRegistryA
GetWindowsAccountDomainSid
RegCreateKeyExW
RegisterEventSourceW
PrivilegeCheck
CryptDestroyKey
RegSaveKeyExW
RegQueryInfoKeyW
SetThreadToken
QueryServiceLockStatusA
RegQueryValueW
GetCurrentHwProfileW
GetNamedSecurityInfoA

ws2_32

WSAIsBlocking
ntohl
bind
htonl

shlwapi

SHRegDeleteEmptyUSKeyW
StrChrA
PathGetDriveNumberW
PathQuoteSpacesW
SHRegEnumUSValueW
PathRemoveBackslashA
PathUnExpandEnvStringsA
UrlIsNoHistoryW
PathFindFileNameA
SHRegWriteUSValueW
StrChrIA
SHRegCloseUSKey
ColorRGBToHLS

gdi32

Polygon
OffsetClipRgn
SetWindowOrgEx
PolyDraw
GetFontLanguageInfo
SetRectRgn
CreateColorSpaceW
RealizePalette
StartDocW
GetCharWidth32W
GdiComment
AngleArc
GetCharABCWidthsA
GetPath

msvfw32

DrawDibDraw
ICDraw
ICSeqCompressFrameStart

avifil32

AVIStreamLength

winspool.drv

DocumentPropertiesA
DeviceCapabilitiesW
SetPrinterDataW
ScheduleJob
AddFormW
EnumJobsW
AddMonitorA

winscard

SCardLocateCardsA

lz32

GetExpandedNameW
LZOpenFileA
LZRead

secur32

DeleteSecurityContext
EncryptMessage

winmm

midiOutCachePatches
waveOutGetPlaybackRate
midiStreamPosition
GetDriverModuleHandle
midiInUnprepareHeader
midiOutGetNumDevs
midiStreamOut
midiStreamRestart
timeEndPeriod
midiStreamProperty
waveOutSetPitch
timeGetTime
waveOutGetDevCapsW

Exports

Exports

HnebhrnndjehRerazg

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CODE
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3q
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3l4Q
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

I4B*YPa
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b881671bfb060a53c831d55b6587aa76

Headers

File Characteristics

Imports

oleaut32

setupapi

wintrust

crypt32

imm32

rasapi32

clusapi

comdlg32

wininet

ntdsapi

iphlpapi

rpcrt4

msvcrt

ole32

urlmon

mprapi

msacm32

opengl32

comctl32

kernel32

user32

shell32

pdh

netapi32

advapi32

ws2_32

shlwapi

gdi32

msvfw32

avifil32

winspool.drv

winscard

lz32

secur32

winmm

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

CODE Size: 8KB - Virtual size: 5KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 68KB - Virtual size: 72KB

.CODE Size: 12KB - Virtual size: 10KB

3q Size: 32KB - Virtual size: 28KB

.code Size: 44KB - Virtual size: 43KB

3l4Q Size: 24KB - Virtual size: 20KB

I4B*YPa Size: 24KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 872B

.reloc Size: 20KB - Virtual size: 17KB

.text
Size: 1.6MB - Virtual size: 1.6MB

CODE
Size: 8KB - Virtual size: 5KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 68KB - Virtual size: 72KB

.CODE
Size: 12KB - Virtual size: 10KB

3q
Size: 32KB - Virtual size: 28KB

.code
Size: 44KB - Virtual size: 43KB

3l4Q
Size: 24KB - Virtual size: 20KB

I4B*YPa
Size: 24KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 872B

.reloc
Size: 20KB - Virtual size: 17KB