f5d73e723e15f77370a01603df1ccff0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

f5d73e723e15f77370a01603df1ccff0N.exe
Size

296KB
MD5

f5d73e723e15f77370a01603df1ccff0
SHA1

81d66183042e2f5fc59ff4eccbd3208c5b55b7ee
SHA256

8c27af8157f73914b125c5c4dd56e0279c5130c7238770241650141da7cbaf3b
SHA512

8a36082964765b2826c794a10431306af3a28ee405b3206f7e4f35d4f67b409aea0d74a887bb160a480d509f441ae521df257efff673b8e0176def68d62a4411
SSDEEP

6144:AoR/KzHYTm7fbozos+b3WCIGifqihpfqrGta:AG/GHYio+bQGihKGt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5d73e723e15f77370a01603df1ccff0N.exe

Files

f5d73e723e15f77370a01603df1ccff0N.exe
.dll regsvr32 windows:10 windows x86 arch:x86

164b3544a9e84efbb854d650748aa154

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msorcl32.pdb

Imports

msvcrt

fclose
ftell
strstr
isspace
_fdopen
_wsplitpath_s
_wmakepath_s
isdigit
atol
fseek
_open
fwrite
free
_tempnam
fread
_endthreadex
isxdigit
strchr
strcspn
strncmp
bsearch
_beginthreadex
_stricmp
strtoul
_ultoa_s
atoi
_HUGE
_gcvt
strtod
tolower
localeconv
atof
_XcptFilter
_amsg_exit
malloc
_initterm
_except_handler4_common
strrchr
floor
_ftol2_sse
isalnum
_strnicmp
isalpha
toupper
_vsnprintf
memcpy
memset

kernel32

ExpandEnvironmentStringsA
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetLocalTime
GlobalUnlock
lstrcmpiA
GlobalLock
GlobalFree
GlobalAlloc
lstrcmpA
CreateEventA
FreeLibrary
GetProcAddress
ResetEvent
SetEvent
HeapDestroy
HeapAlloc
HeapCreate
GetTempPathA
LoadLibraryExW
DeleteCriticalSection
GetSystemInfo
DisableThreadLibraryCalls
CreateMutexA
InitializeCriticalSection
GetModuleFileNameW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
IsDBCSLeadByte
HeapReAlloc
CloseHandle
WaitForSingleObject
LoadLibraryExA
HeapFree
ReleaseMutex

user32

GetWindowRect
SetWindowPos
MapWindowPoints
MoveWindow
IsDlgButtonChecked
SetFocus
SendDlgItemMessageA
GetClientRect
GetDlgItem
CheckDlgButton
GetDesktopWindow
GetParent
EnableWindow
DispatchMessageA
CharUpperA
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageA
LoadStringW
MessageBoxA
LoadStringA
GetCursor
EndDialog
DialogBoxParamA
GetDlgItemTextA
SetWindowLongA
GetWindowLongA
SetWindowTextA
SetDlgItemTextA
SetCursor
MessageBoxW

ntdll

_vsnwprintf_s

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Exports

Exports

ConfigDSN
DllMain
DllRegisterServer
DllUnregisterServer
LoadByOrdinal
SQLAllocConnect
SQLAllocEnv
SQLAllocStmt
SQLBindCol
SQLBindParameter
SQLBrowseConnect
SQLCancel
SQLColAttributes
SQLColumns
SQLConnect
SQLDescribeCol
SQLDescribeParam
SQLDisconnect
SQLDriverConnect
SQLError
SQLExecDirect
SQLExecute
SQLExtendedFetch
SQLFetch
SQLForeignKeys
SQLFreeConnect
SQLFreeEnv
SQLFreeStmt
SQLGetConnectOption
SQLGetCursorName
SQLGetData
SQLGetInfo
SQLGetStmtOption
SQLGetTypeInfo
SQLMoreResults
SQLNativeSql
SQLNumParams
SQLNumResultCols
SQLParamData
SQLPrepare
SQLPrimaryKeys
SQLProcedureColumns
SQLProcedures
SQLPutData
SQLRowCount
SQLSetConnectOption
SQLSetCursorName
SQLSetPos
SQLSetScrollOptions
SQLSetStmtOption
SQLSpecialColumns
SQLStatistics
SQLTables
SQLTransact

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

164b3544a9e84efbb854d650748aa154

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

ntdll

advapi32

Exports

Exports

Sections

.text Size: 134KB - Virtual size: 134KB

.data Size: 10KB - Virtual size: 14KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 145KB - Virtual size: 145KB

.text
Size: 134KB - Virtual size: 134KB

.data
Size: 10KB - Virtual size: 14KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 145KB - Virtual size: 145KB