996184602e47a1b92bf05fe6e448eef0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

996184602e47a1b92bf05fe6e448eef0N.exe
Size

954KB
MD5

996184602e47a1b92bf05fe6e448eef0
SHA1

c9ae33ab5d19994ca81865a938c5e7c053aaa20d
SHA256

a918743fbfa9b166259c3ae4a2fed0a711b74511c7870e9ae870917e78474f13
SHA512

8e9163458720e88c7a689f3692af2de385421aeafb1f373ac1737658b113d4a214e3aadf2d440f4b1de49491f365353bff7f0a9ba6947f2167e5cdc066ee5ffb
SSDEEP

24576:3bBt+RGv4eGlIovZGgLMN9RVmGIbhrbqz:qeMhv5LAbih2z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
996184602e47a1b92bf05fe6e448eef0N.exe

Files

996184602e47a1b92bf05fe6e448eef0N.exe
.dll regsvr32 windows:5 windows x86 arch:x86

7e6fe7de05f55e2688667576b0b572da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetThreadLocale
SetThreadLocale
GetTickCount
LoadLibraryW
GetModuleHandleExW
MultiByteToWideChar
FreeConsole
FindResourceW
ExpandEnvironmentStringsA
WriteConsoleA
GlobalAddAtomW
GetModuleHandleW
lstrcpyW
lstrcmpiW
SizeofResource
LoadResource
Sleep
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetModuleFileNameW
DeleteCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
InterlockedDecrement
InterlockedIncrement
IsDebuggerPresent
OutputDebugStringW
CloseHandle
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetNativeSystemInfo
TryEnterCriticalSection
QueryPerformanceCounter
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
WideCharToMultiByte
GetModuleFileNameA
DeleteFileA
MoveFileExA
MoveFileExW
WaitForSingleObject
CreateFileW
GetFullPathNameW
DecodePointer
LoadLibraryA
FileTimeToSystemTime
GetVersionExW
VerSetConditionMask
VerifyVersionInfoA
InitializeCriticalSection
SleepEx
FormatMessageA
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
CreateMutexW
ReleaseMutex
IsBadReadPtr
ReleaseSemaphore
SetEvent
CreateThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetVolumeInformationW
DeviceIoControl
GetSystemDirectoryW
CreateFileA
LocalFree
GetComputerNameW
RtlUnwind
ExitThread
SetFilePointerEx
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ExitProcess
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleCP
GetACP
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
GetTimeZoneInformation
SetConsoleCtrlHandler
FlushFileBuffers
SetStdHandle
GetCurrentDirectoryW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
LoadLibraryExW
GetProcAddress
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError

user32

SendMessageW
CharNextW
GetSystemMetrics
WindowFromPoint
wsprintfW
CharUpperA
FindWindowW

advapi32

RegOpenCurrentUser
OpenSCManagerW
EnumServicesStatusW
RegQueryInfoKeyW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
LookupAccountNameW
ConvertSidToStringSidA

ole32

CoSetProxyBlanket
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
SysFreeString
VariantClear

shlwapi

StrStrIA
PathStripPathW
StrIsIntlEqualW
PathStripPathA

dbghelp

MakeSureDirectoryPathExists

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetSetOptionW
InternetOpenA

wldap32

ord301
ord200
ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30

ws2_32

WSAIoctl
htonl
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
gethostname
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
ntohl

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 653KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e6fe7de05f55e2688667576b0b572da

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

dbghelp

wininet

wldap32

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 653KB - Virtual size: 653KB

.rdata Size: 177KB - Virtual size: 176KB

.data Size: 10KB - Virtual size: 19KB

.gfids Size: 3KB - Virtual size: 2KB

.rsrc Size: 79KB - Virtual size: 79KB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 653KB - Virtual size: 653KB

.rdata
Size: 177KB - Virtual size: 176KB

.data
Size: 10KB - Virtual size: 19KB

.gfids
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 79KB - Virtual size: 79KB

.reloc
Size: 30KB - Virtual size: 30KB