a7afdec808c1074cb8cac4aa1194a470N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a7afdec808c1074cb8cac4aa1194a470N.exe
Size

295KB
MD5

a7afdec808c1074cb8cac4aa1194a470
SHA1

cdf15bdc1e40453933a9d418f5f5c4edd82853bf
SHA256

f4ddd7eadb4a9de858482def39ee7ff7a2c134466ec9051b7a6abc0437d4a471
SHA512

7dda36dc675949d8493f723a16a27f0b6093cf7260bdeb826572ccedee92c7e8503ed2a19497b79087597d49f92f2f43d0317c34330e521d2588524cbc3b1e0f
SSDEEP

3072:Ky1/QK6W6IF5odhJmWJzupw/vdKW6BE4gM7lwifEtJBA+HTkAmHpPndRrljJZ:P/QWIhAY4w9d6ynM7e9A+TkAcVDjJZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7afdec808c1074cb8cac4aa1194a470N.exe

Files

a7afdec808c1074cb8cac4aa1194a470N.exe
.dll windows:5 windows x86 arch:x86

7e200eb93bc34dc6d18192a2cd3463d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aeinv.pdb

Imports

msvcrt

malloc
_XcptFilter
_initterm
_amsg_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_unlock
__dllonexit
_callnewh
free
memset
_purecall
_lock
_onexit
??0exception@@QAE@XZ
_CxxThrowException
_except_handler4_common
memmove_s
_vsnwprintf
_wcsicmp
towlower
wcstoul
_wcslwr_s
wcsncmp
_wcsnicmp
wcstol
iswalpha
calloc
_vscwprintf
_wtoi
memcpy
wcschr
__CxxFrameHandler3
memcpy_s
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
iswdigit

advapi32

CloseServiceHandle
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
QueryServiceConfigW
OpenServiceW
EnumServicesStatusW
OpenSCManagerW
RegEnumValueW
RegGetValueW
RegEnumKeyExW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage

shlwapi

PathCombineW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
PathIsNetworkPathW
PathUnquoteSpacesW
SHGetValueW
ord225
ord487
PathStripToRootW
PathIsUNCW
PathFindExtensionW
StrRetToBufW
PathIsRootW
PathIsSameRootW
PathSkipRootW
PathIsRelativeW

kernel32

GetLongPathNameW
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetFullPathNameW
SearchPathW
GetProcAddress
GetModuleHandleW
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
GetFileAttributesW
HeapFree
GetProcessHeap
DeleteFileW
GetLastError
lstrcmpiW
GetTempPathW
InterlockedExchange
Sleep
InterlockedCompareExchange
OutputDebugStringA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteCriticalSection
HeapAlloc
CreateFileW
ReadFile
GetFileSizeEx
CloseHandle
LoadLibraryW
CreateActCtxW
QueryActCtxW
ReleaseActCtx
FreeLibrary
GetBinaryTypeW
GetSystemDirectoryW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualQuery
FileTimeToSystemTime
GetTempFileNameW
WriteFile

ole32

CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoGetTreatAsClass

oleaut32

SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen

msi

ord17
ord125
ord70
ord92
ord32
ord159
ord8
ord248
ord150
ord78
ord173
ord113
ord37
ord41
ord141
ord246
ord158
ord160
ord118
ord115
ord166

sfc

SfcIsFileProtected

shell32

SHGetFolderPathW
SHBindToParent
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

apphelp

SdbInitDatabase
SdbGetMatchingExe
SdbReleaseDatabase

ntdll

NtQueryInformationFile
EtwTraceMessage
RtlGetVersion
RtlFreeHeap
RtlAllocateHeap

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

CollectMatchingInfo
CollectMatchingInformation
CreateSoftwareInventory

Sections

.text
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e200eb93bc34dc6d18192a2cd3463d5

Headers

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

shlwapi

kernel32

ole32

oleaut32

msi

sfc

shell32

apphelp

ntdll

version

Exports

Exports

Sections

.text Size: 273KB - Virtual size: 272KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 273KB - Virtual size: 272KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 16KB