Static task: static1
Behavioral task: behavioral1
  Sample: aaea0cec2a5086fae4a3ad002a090920N.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: aaea0cec2a5086fae4a3ad002a090920N.exe
  Resource: win10v2004-20240802-en
General
- Target: aaea0cec2a5086fae4a3ad002a090920N.exe
- Size: 4.9MB
- MD5: aaea0cec2a5086fae4a3ad002a090920
- SHA1: 81badb80de054c60281279a2550b40342cf8e195
- SHA256: dfdb34b43aca738b80ded5cb345e35290ad60c5b9d4ecb507689cac537d25fe5
- SHA512: 11d82f210e79616c821e0c4e9ca650a4dc45075417200571ff8131c8a6d2dc577c79eb9b3a6036fdd45259a7847a51692a1393a273c00e73fdf3ac346c2d89e7
- SSDEEP: 49152:8xvUOCy9eUnuqInVH//LxiNoIPOGuoLlNlAMwh9IAp/U3TUqS:aDD9eUnuqInV3tiNgGuoLeMs9ILU
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource aaea0cec2a5086fae4a3ad002a090920N.exe
Files
-
aaea0cec2a5086fae4a3ad002a090920N.exe.exe windows:5 windows x86 arch:x86
39ed78a9e063bcd67c3bc540cc1b9396
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
SetCapture
ReleaseCapture
GetCapture
MapVirtualKeyA
ToAscii
GetKeyNameTextA
GetKeyState
GetFocus
SetFocus
OemToCharBuffA
EmptyClipboard
GetClipboardData
SetTimer
KillTimer
SetRect
GetNextDlgTabItem
CallWindowProcA
GetDlgCtrlID
PostMessageA
SendMessageA
GetMessagePos
RegisterHotKey
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
DrawFrameControl
DrawEdge
RegisterWindowMessageA
LoadImageA
wsprintfA
FillRect
GetActiveWindow
ReleaseDC
GetDC
EnableWindow
SendDlgItemMessageA
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
GetDialogBaseUnits
OpenClipboard
IsWindowEnabled
CreateAcceleratorTableA
DestroyAcceleratorTable
TranslateAcceleratorA
GetSystemMetrics
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
EndDialog
SetClipboardData
DefWindowProcA
DialogBoxIndirectParamA
DialogBoxParamA
CreateDialogIndirectParamA
CreateDialogParamA
BringWindowToTop
GetClassInfoA
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowPlacement
SetWindowPos
MoveWindow
AnimateWindow
ShowWindow
DestroyWindow
IsChild
DestroyMenu
CloseClipboard
IsMenu
IsWindow
CreateWindowExA
RegisterClassExA
MessageBoxW
LoadStringA
TrackMouseEvent
UnhookWindowsHookEx
SetWindowsHookExA
SetCursor
MessageBoxIndirectW
GetWindowInfo
GetMonitorInfoA
MonitorFromPoint
SystemParametersInfoA
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
GetScrollInfo
SetScrollInfo
MapDialogRect
IsDialogMessageA
GetIconInfo
DrawIconEx
DestroyIcon
LoadIconA
LoadCursorA
LoadBitmapA
CallNextHookEx
GetWindow
GetWindowThreadProcessId
GetClassNameA
EnumWindows
FindWindowExA
FindWindowA
SetParent
GetParent
GetDesktopWindow
SetClassLongA
GetClassLongA
SetWindowLongA
GetWindowLongA
PtInRect
InflateRect
InvertRect
DrawFocusRect
GetSysColorBrush
GetSysColor
WindowFromPoint
MapWindowPoints
ScreenToClient
ClientToScreen
GetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
GetCursorPos
MessageBeep
GetWindowRect
GetClientRect
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
RemovePropA
GetPropA
SetPropA
ScrollWindow
LockWindowUpdate
RedrawWindow
InvalidateRgn
ValidateRect
InvalidateRect
SetWindowRgn
EndPaint
BeginPaint
GetWindowDC
GetDCEx
AllowSetForegroundWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
DrawStateA
DrawTextA
DrawIcon
GetMenuItemRect
SetMenuItemInfoA
GetMenuItemInfoA
InsertMenuItemA
SetMenuInfo
TrackPopupMenu
DeleteMenu
GetMenuItemCount
GetMenuItemID
winspool.drv
GetPrinterW
ClosePrinter
DocumentPropertiesW
OpenPrinterW
EnumPrintersW
ole32
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CLSIDFromString
CreateStreamOnHGlobal
PropVariantClear
CLSIDFromProgID
CoCreateInstance
oleaut32
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayCreateVector
SafeArrayGetDim
SafeArrayDestroy
SafeArrayCreate
SysStringLen
OleCreatePictureIndirect
SafeArrayGetVartype
VariantClear
VariantCopy
VarR8FromCy
VarR8FromDec
VarCyFromR8
VarDecFromR8
OleLoadPicture
GetActiveObject
SysAllocStringLen
VariantInit
SysFreeString
SafeArrayGetElemsize
SafeArrayGetLBound
wsock32
__WSAFDIsSet
closesocket
connect
inet_ntoa
getsockopt
htons
recv
select
setsockopt
shutdown
socket
send
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
htonl
ws2_32
freeaddrinfo
getaddrinfo
inet_ntop
inet_pton
advapi32
GetUserNameW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyW
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
CloseServiceHandle
OpenSCManagerA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyA
EnumServicesStatusA
CryptAcquireContextW
CryptGenRandom
msimg32
TransparentBlt
AlphaBlend
GradientFill
comctl32
ord17
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ImageList_DrawIndirect
ImageList_GetImageCount
comdlg32
GetOpenFileNameA
GetSaveFileNameA
FindTextA
ReplaceTextA
ChooseFontA
PrintDlgA
PageSetupDlgA
ChooseColorA
gdi32
GetTextColor
GetStockObject
GetClipBox
FillRgn
EnumFontsA
EnumFontFamiliesA
CreatePatternBrush
CreatePen
CreateFontIndirectA
CreateDCA
BitBlt
AddFontResourceA
GetTextFaceA
CreateEnhMetaFileA
CloseEnhMetaFile
SelectClipRgn
GetViewportOrgEx
GetPixel
CreateRectRgn
CreateFontA
SetBrushOrgEx
CreateDIBSection
GetEnhMetaFileHeader
SelectObject
GetTextExtentPoint32A
GetBrushOrgEx
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
SetStretchBltMode
StretchDIBits
GetDIBits
PlayEnhMetaFile
GetEnhMetaFileA
DeleteEnhMetaFile
GetDeviceCaps
Rectangle
RealizePalette
RemoveFontResourceA
RoundRect
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetTextColor
SetTextAlign
GetTextMetricsA
ExtCreatePen
MoveToEx
ExtTextOutA
CreatePolygonRgn
DPtoLP
Polygon
Polyline
ExtCreateRegion
SetDIBits
GetTextExtentExPointA
CreateFontIndirectW
GetDIBColorTable
Arc
CreateDCW
Ellipse
GetBkMode
ResetDCW
StartDocW
EndDoc
StartPage
EndPage
AbortDoc
ExtTextOutW
GetTextFaceW
EnumFontsW
GetTextExtentPoint32W
GetTextMetricsW
ExtEscape
StretchBlt
LineTo
shell32
DragQueryFileA
DragQueryPoint
DragAcceptFiles
SetCurrentProcessExplicitAppUserModelID
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteExA
SHGetDesktopFolder
winmm
timeGetTime
freeimage
_FreeImage_Initialise@4
_FreeImage_Allocate@24
_FreeImage_Clone@4
_FreeImage_Unload@4
_FreeImage_Load@12
_FreeImage_Save@16
_FreeImage_OpenMemory@8
_FreeImage_CloseMemory@4
_FreeImage_LoadFromMemory@12
_FreeImage_GetFileType@8
_FreeImage_GetFileTypeFromMemory@8
_FreeImage_GetBits@4
_FreeImage_GetBPP@4
_FreeImage_GetWidth@4
_FreeImage_GetHeight@4
_FreeImage_GetInfo@4
_FreeImage_IsTransparent@4
_FreeImage_HasBackgroundColor@4
_FreeImage_ConvertTo24Bits@4
_FreeImage_RotateEx@48
_FreeImage_Rescale@16
_FreeImage_Composite@16
_FreeImage_ConvertToGreyscale@4
_FreeImage_DeInitialise@0
kernel32
LocalFree
GlobalMemoryStatus
LoadLibraryA
LoadLibraryExA
GetProcAddress
GetModuleFileNameA
FreeResource
FreeLibrary
SetSystemTime
GetWindowsDirectoryA
GetSystemDirectoryA
GetTickCount
GetComputerNameW
WriteConsoleW
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
DecodePointer
ReadConsoleW
SetFilePointerEx
GetLocalTime
GetSystemTime
GetProcessId
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
LCMapStringW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
RaiseException
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
Sleep
CreateMutexA
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
OutputDebugStringA
ReadFile
FlushFileBuffers
GetCurrentDirectoryA
WideCharToMultiByte
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
MulDiv
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
LockResource
CloseHandle
WriteFile
CreateFileA
FindResourceA
SizeofResource
LoadResource
GetModuleHandleA
GetTempPathA
GetCommState
WinExec
SetCommState
SetCommTimeouts
FormatMessageA
OpenMutexA
GetLogicalDriveStringsA
GetProfileIntA
GetProfileStringA
WriteProfileStringA
GetProfileSectionA
WriteProfileSectionA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetSystemDirectoryW
InitializeCriticalSection
FileTimeToSystemTime
GetStdHandle
LocalFileTimeToFileTime
SetFilePointer
SetFileTime
SetLastError
TerminateProcess
OpenProcess
GetSystemInfo
VirtualFree
GlobalReAlloc
LocalAlloc
SystemTimeToFileTime
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32First
Process32Next
FileTimeToLocalFileTime
VirtualAlloc
VirtualProtect
lstrcpyA
ExpandEnvironmentStringsA
EnumResourceNamesA
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileAttributesExW
GetFileSize
GetFileType
GetFileTime
GetLogicalDrives
LockFile
LockFileEx
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
UnlockFile
UnlockFileEx
SetErrorMode
GetModuleHandleW
MoveFileW
GetTempFileNameW
GetTempPathW
QueryPerformanceCounter
GetDiskFreeSpaceW
ReleaseSemaphore
CreateSemaphoreW
VirtualQuery
GetCommandLineW
GetModuleFileNameW
LoadLibraryW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
OutputDebugStringW
FindNextFileW
GetVolumeInformationW
GetEnvironmentVariableW
GetDriveTypeW
GetProfileStringW
InitializeCriticalSectionAndSpinCount
urlmon
URLDownloadToFileA
ace32
ord65
ord202
ord70
ord204
ord73
ord74
ord195
ord79
ord84
ord85
ord88
ord92
ord101
ord105
ord108
ord116
ord117
ord197
ord13
ord127
ord128
ord135
ord137
ord156
ord140
ord141
ord154
ord201
ord158
ord160
ord216
ord217
ord218
ord219
ord222
ord223
ord263
ord265
ord262
ord273
ord2
ord4
ord10
ord14
ord15
ord16
ord18
ord19
ord380
ord27
ord30
ord31
ord38
ord43
ord45
ord46
ord54
ord56
ord524
ord59
ord60
ord61
ord64
ord67
ord68
ord69
ord71
ord207
ord188
ord189
ord173
ord203
ord75
ord76
ord418
ord77
ord250
ord78
ord80
ord83
ord86
ord87
ord91
ord522
ord94
ord100
ord103
ord104
ord110
ord112
ord113
ord114
ord190
ord121
ord122
ord123
ord124
ord125
ord126
ord130
ord131
ord132
ord136
ord138
ord143
ord193
ord145
ord417
ord249
ord149
ord150
ord151
ord152
ord153
ord155
ord521
ord510
ord161
ord163
ord164
ord258
ord336
ord378
ord488
ord509
ord206
ord328
ord558
ord315
ord21
ord7
ord5
ord3
ord1
ord50
ord40
ord32
ord29
ord321
ord320
ord319
ord351
ord350
ord367
ord312
ord393
ord559
ord58
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 578KB - Virtual size: 610KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ