185d030b25b6fa38a0346c9584b56c70N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

185d030b25b6fa38a0346c9584b56c70N.exe
Size

4.7MB
MD5

185d030b25b6fa38a0346c9584b56c70
SHA1

a589af06e00daf829ed738606d560ac8a6032763
SHA256

863d5f012f37affe1f021e7b7b19274c53c37ac0fe711e0bf8a6b823f0d51e47
SHA512

90b189cb745e55bcccbe38f1d4fb6b26d43506a4c06c0cb5d5f8b8b70777e47b407908a7258f6924854cd8975986cfa70553ec877224bf2d9765fbaabf084785
SSDEEP

49152:9NIU6iOGtlquVwASO3lCgK0oN3+t3RfkUVL2pS4AUAWq0RvfYexRQK+TioFBTFlj:Y+XRM+FRfKJ/TLRvfGKCRITDbja

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
185d030b25b6fa38a0346c9584b56c70N.exe

Files

185d030b25b6fa38a0346c9584b56c70N.exe
.dll windows:6 windows x64 arch:x64

79d2dce55725eb18c372a938601183a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

GetTokenInformation
ConvertSidToStringSidW
OpenProcessToken
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
CryptSetHashParam
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptEnumProvidersW

ws2_32

WSAStringToAddressW
WSAAddressToStringW
WSASocketW
WSASend
WSARecv
WSAGetLastError
WSASetLastError
setsockopt
select
ntohl
htonl
recv
send
htons
inet_addr
inet_ntoa
getaddrinfo
gethostbyaddr
gethostbyname
getservbyport
getservbyname
socket
shutdown
getsockopt
getpeername
ioctlsocket
connect
closesocket
__WSAFDIsSet
freeaddrinfo
WSAStartup
WSACleanup
ntohs

kernel32

OpenEventA
CreateEventA
WaitForSingleObjectEx
ResetEvent
FormatMessageA
TlsFree
WideCharToMultiByte
DeleteCriticalSection
LocalFree
QueueUserAPC
CloseHandle
TlsAlloc
TerminateThread
SetEvent
GetLastError
FormatMessageW
PostQueuedCompletionStatus
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
SleepEx
CreateEventW
SetWaitableTimer
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
CreateWaitableTimerA
VerifyVersionInfoA
MultiByteToWideChar
GetLocaleInfoEx
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetModuleHandleW
GetProcAddress
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetCurrentThreadId
RtlPcToFileHeader
RaiseException
QueryPerformanceCounter
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
WaitForSingleObject
GetStringTypeW
GetCPInfo
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
SetEndOfFile
GetSystemTime
SystemTimeToFileTime
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
VirtualFree
SwitchToFiber
DeleteFiber
CreateFiberEx
GetSystemDirectoryA
LoadLibraryA
GetEnvironmentVariableW
ConvertFiberToThread
ConvertThreadToFiberEx
SetConsoleMode
ReadConsoleA
GetEnvironmentVariableA
LeaveCriticalSection
RtlUnwind
WaitForMultipleObjects
GetCurrentProcess
EnterCriticalSection
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

shell32

SHGetFolderPathA

bcrypt

BCryptGenRandom

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

crypt32

CertDuplicateCertificateContext
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 944KB - Virtual size: 944KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79d2dce55725eb18c372a938601183a5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ws2_32

kernel32

shell32

bcrypt

user32

crypt32

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 944KB - Virtual size: 944KB

.data Size: 51KB - Virtual size: 75KB

.pdata Size: 139KB - Virtual size: 138KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 944KB - Virtual size: 944KB

.data
Size: 51KB - Virtual size: 75KB

.pdata
Size: 139KB - Virtual size: 138KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 43KB - Virtual size: 43KB