39f5a534cbb3c81b531ecd0d36003a80N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

39f5a534cbb3c81b531ecd0d36003a80N.exe
Size

1.1MB
MD5

39f5a534cbb3c81b531ecd0d36003a80
SHA1

a4ea575db10c28cac9b3722cea23198056ef11c4
SHA256

5bce2680565e9ec7a1184d6c4a54a6f421b4163eee3a4608cd8e3b3bad344fca
SHA512

a8ed2dfd60ab38a302bf5ba79fd872e77f03e0b393e64e6f95676defdc2c237832643d7d7328004de71eaf03c751556857a98e8729f28935ad6899b4ecf4dc99
SSDEEP

24576:T4vkmkkFValYBr47rBoq22IiAPWn/aZR9InZk8cKxk/7:T4vOoZ47to8APnwrQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39f5a534cbb3c81b531ecd0d36003a80N.exe

Files

39f5a534cbb3c81b531ecd0d36003a80N.exe
.exe windows:4 windows x86 arch:x86

98b7f925199fea48d9481a190c967902

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\WiFiSrc\wifiday\Debug\netmonitor.pdb

Imports

ws2_32

sendto
WSASocketA
WSAStartup
setsockopt
connect
closesocket
send
recv
WSACleanup
htons
htonl
inet_ntoa
ntohs
getpeername
inet_addr
getservbyname
gethostbyname
WSAGetLastError
shutdown
socket
ntohl

wpcap

pcap_lookupdev
pcap_datalink
pcap_setfilter
pcap_compile
pcap_open_live
pcap_close
pcap_geterr
pcap_loop
pcap_fileno
pcap_next

libnet

libnet_build_arp
libnet_build_udp
libnet_build_tcp_options
libnet_adv_free_packet
libnet_adv_cull_packet
libnet_build_ethernet
libnet_build_dhcpv4
libnet_build_icmpv4_redirect
libnet_getpacket_size
libnet_build_tcp
libnet_build_ipv4
libnet_write
libnet_ifaddrlist
libnet_init
libnet_geterror

zlib

ord20
ord3
ord21
ord19
ord23

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

wpa

wpa_decrypt
init_wpa_keys

dnsapi

DnsRecordListFree
DnsQuery_A

kernel32

LCMapStringW
LCMapStringA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
VirtualQuery
GetSystemInfo
VirtualProtect
UnhandledExceptionFilter
SetStdHandle
InterlockedExchange
GetProcessHeap
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
SetLastError
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
OutputDebugStringA
GetStdHandle
HeapAlloc
RtlUnwind
FatalAppExitA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
QueryPerformanceCounter
GetACP
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TerminateProcess
OpenProcess
Sleep
CreateThread
GetVersionExA
GetLastError
CreateMutexA
SetErrorMode
GetVersion
GetCurrentThreadId
GetCurrentThread
WideCharToMultiByte
MultiByteToWideChar
DeviceIoControl
CreateFileA
GetCurrentDirectoryA
GetTickCount
SetNamedPipeHandleState
WaitNamedPipeA
ReadFile
WriteFile
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
DeleteCriticalSection
GetWindowsDirectoryA
SetThreadPriority
CreateSemaphoreA
InterlockedDecrement
WaitForSingleObject
InterlockedIncrement
ReleaseSemaphore
FindNextFileA
FindFirstFileA
GetCommandLineA
GetTimeZoneInformation
GetCurrentProcessId
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
SetEnvironmentVariableW
GetDriveTypeA
GetFullPathNameA
SetCurrentDirectoryA
GetFileInformationByHandle
PeekNamedPipe
GetOEMCP
MoveFileA
GetDateFormatA
GetTimeFormatA
ExitThread
ResumeThread
SetConsoleCtrlHandler
CreateDirectoryA
DeleteFileA
GetModuleHandleA
ExitProcess
GetCurrentProcess
LoadLibraryA
GetProcAddress
RaiseException
DebugBreak
GetModuleFileNameA
GetSystemTimeAsFileTime
HeapValidate
IsBadReadPtr
IsBadWritePtr

user32

PeekMessageA
WaitMessage
PostThreadMessageA

advapi32

OpenServiceA
RegEnumValueA
DeleteService
CreateServiceA
StartServiceA
OpenSCManagerA
ControlService
CloseServiceHandle
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

iphlpapi

GetIpNetTable
SendARP
CreateIpNetEntry
DeleteIpNetEntry
GetAdaptersInfo

packet

PacketInitPacket
PacketAllocatePacket
PacketSetBuff
PacketOpenAdapter
PacketFreePacket
PacketSendPacket

Sections

.textbss
Size: - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 888KB - Virtual size: 885KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

98b7f925199fea48d9481a190c967902

Headers

File Characteristics

PDB Paths

Imports

ws2_32

wpcap

libnet

zlib

psapi

wpa

dnsapi

kernel32

user32

advapi32

shell32

iphlpapi

packet

Sections

.textbss Size: - Virtual size: 434KB

.text Size: 888KB - Virtual size: 885KB

.rdata Size: 100KB - Virtual size: 96KB

.data Size: 100KB - Virtual size: 7.0MB

.idata Size: 8KB - Virtual size: 7KB

.tls Size: 72KB - Virtual size: 72KB

.textbss
Size: - Virtual size: 434KB

.text
Size: 888KB - Virtual size: 885KB

.rdata
Size: 100KB - Virtual size: 96KB

.data
Size: 100KB - Virtual size: 7.0MB

.idata
Size: 8KB - Virtual size: 7KB

.tls
Size: 72KB - Virtual size: 72KB