7f90a299d912140b5d38484c92f91830N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

7f90a299d912140b5d38484c92f91830N.exe
Size

1.3MB
MD5

7f90a299d912140b5d38484c92f91830
SHA1

2509a70436fdcc0b336108ae48352d7d4d6110b5
SHA256

e275203b35df1eef2bdbcc7e17f5f72991feec9144d0c411577f7a77ea7c6492
SHA512

032e31fb050e94ebb27d89cede10fa2671593485d2413fd0786d1695cb7944f2c2049e19876d45e87f556e1b20bb0580e85f2348a147272074805fed37079212
SSDEEP

24576:L0DlBg60j+MVJpqOyZdlPbM1AI0VE0V07snKe4TU:N63kJpqOyNgOIu3TKe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7f90a299d912140b5d38484c92f91830N.exe

Files

7f90a299d912140b5d38484c92f91830N.exe
.dll regsvr32 windows:10 windows x86 arch:x86

f01df22d0a199849ba899bf29089a11e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sapi.pdb

Imports

kernel32

GetCurrentProcess
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
GetCurrentThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
OutputDebugStringA
WriteFile
HeapReAlloc
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExA
IsValidLocale
GetStringTypeW
LCMapStringW
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetCommandLineA
WideCharToMultiByte
CompareStringW
ResetEvent
Sleep
GetTickCount
LoadLibraryW
GetSystemDirectoryW
SetEvent
WaitForSingleObject
CreateEventW
GetVersionExW
SetLastError
ReleaseMutex
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
RaiseException
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetLastError
GetCurrentProcessId
FreeLibrary
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LocalFree
CreateFileW
DuplicateHandle
GetFileInformationByHandle
UnlockFileEx
LockFileEx
SetFilePointer
SetEndOfFile
ReadFile
GetUserDefaultUILanguage
CreateMutexW
OpenMutexW
ConnectNamedPipe
GetOverlappedResult
SetProcessShutdownParameters
CreateNamedPipeW
FlushFileBuffers
SearchPathW
WaitNamedPipeW
SetNamedPipeHandleState
WaitForMultipleObjects
CancelIo
OpenEventW
CreateDirectoryW
GetFileAttributesW
DeleteFileW
ExpandEnvironmentStringsW
UnmapViewOfFile
GetFileSize
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
GetTempPathW
GetTempFileNameW
MoveFileExW
GlobalMemoryStatus
FindResourceW
LockResource
GetFullPathNameW
LocalAlloc
GetTickCount64
TryEnterCriticalSection
GetUserDefaultLangID
GetSystemTime
SystemTimeToFileTime
CreateSemaphoreW
ReleaseSemaphore
GetThreadPriority
CreateIoCompletionPort
PostQueuedCompletionStatus
SetThreadPriority
GetQueuedCompletionStatus
GlobalLock
GlobalUnlock
GlobalSize
FormatMessageW
GetProcessHeap
GetModuleHandleExW
DebugBreak
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockShared
ReleaseSRWLockShared
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
InitializeCriticalSectionEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
CreateThreadpoolTimer
lstrlenA
CreateThread
ExitThread
LocaleNameToLCID

user32

DefWindowProcW
CharNextW
SendMessageW
MsgWaitForMultipleObjects
SetTimer
MsgWaitForMultipleObjectsEx
CharLowerW
UnregisterClassA
DispatchMessageW
PeekMessageW
KillTimer
LoadStringW
RegisterWindowMessageW
SetWindowTextW
PostMessageW
SendMessageTimeoutW
IsWindow
SendNotifyMessageW
CreateWindowExW
DestroyWindow
RegisterClassW
UnregisterClassW
SetWindowLongW
GetWindowLongW
ord2597

advapi32

TraceMessage
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
GetLengthSid
CopySid
ImpersonateNamedPipeClient
OpenThreadToken
RevertToSelf
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW
RegEnumValueW
EqualSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
IsValidSid
InitializeAcl
SetSecurityInfo
GetKernelObjectSecurity
GetSecurityDescriptorSacl
GetAce
ConvertStringSidToSidW
RegNotifyChangeKeyValue
ConvertStringSecurityDescriptorToSecurityDescriptorW

ole32

StringFromCLSID
PropVariantClear
StringFromGUID2
CreateStreamOnHGlobal
StringFromIID
CLSIDFromString
CoCreateGuid
CoInitializeEx
CoUninitialize
GetHGlobalFromStream
CLSIDFromProgID
IIDFromString
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoCreateFreeThreadedMarshaler

oleaut32

SafeArrayDestroy
SafeArrayRedim
SafeArrayUnaccessData
CreateErrorInfo
SetErrorInfo
VarBstrCmp
VarBstrCat
SysAllocStringLen
VariantCopy
SysAllocStringByteLen
SysStringByteLen
SafeArrayAccessData
SafeArrayCreateVector
UnRegisterTypeLi
SysAllocString
RegisterTypeLi
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString
VarDecRound
VariantChangeType

winmm

waveInMessage
waveOutMessage
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveOutGetNumDevs
waveInGetNumDevs
mixerOpen
mixerClose
waveInGetDevCapsW
waveOutGetDevCapsW
mixerGetID
waveInOpen
waveInStop
waveInReset
waveInStart
waveInClose
waveOutOpen
waveOutPause
waveOutReset
waveOutRestart
waveOutClose
waveOutGetPosition
mixerGetLineInfoW
mixerGetLineControlsW
mixerGetControlDetailsW
mixerSetControlDetails
mmioOpenW
mmioClose
mmioSeek
mmioRead
mmioWrite
mmioDescend
mmioAscend
mmioCreateChunk
waveInPrepareHeader
waveInAddBuffer
waveInUnprepareHeader

msacm32

acmStreamSize
acmFormatSuggest
acmStreamOpen
acmStreamPrepareHeader
acmStreamUnprepareHeader
acmStreamConvert
acmStreamClose

msdmo

MoInitMediaType
MoFreeMediaType

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
WinVerifyTrust

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 864KB - Virtual size: 863KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f01df22d0a199849ba899bf29089a11e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

winmm

msacm32

msdmo

wintrust

crypt32

Exports

Exports

Sections

.text Size: 864KB - Virtual size: 863KB

.data Size: 8KB - Virtual size: 15KB

.idata Size: 8KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 56B

.rsrc Size: 363KB - Virtual size: 362KB

.reloc Size: 44KB - Virtual size: 43KB

.text
Size: 864KB - Virtual size: 863KB

.data
Size: 8KB - Virtual size: 15KB

.idata
Size: 8KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 56B

.rsrc
Size: 363KB - Virtual size: 362KB

.reloc
Size: 44KB - Virtual size: 43KB