auditpol.pdb
General
-
Target
4d9393fdb71b316a98b5df71c52d82c0N.exe
-
Size
608KB
-
MD5
4d9393fdb71b316a98b5df71c52d82c0
-
SHA1
918795df4e888355a6fd3199dfefa642c6afafd6
-
SHA256
eb6da04407da423a9dd40fb499349ed199b5d803fa6ca3e54158c3ef65692211
-
SHA512
14620be38843f252902f92ab921da9bc759b601d791bf72ca4fb5b0513f036d84f0a4dbc0d6a521e8ae6f5e61b4fa905c0a04fd78ccc76bf886e0bb1938033ca
-
SSDEEP
12288:WvoqaqzPTY53of4XgbXZqHfdQCaIY//RnhOWrZVoexdqCLH31Ii3Dn:WQEPYPwbXZq6C7Y/5kWrZVoe/1LH3bDn
Malware Config
Signatures
-
Unsigned PE — 1 IoC
The sample carries no Authenticode signature (the check for a missing signature matched). On its own this is a weak indicator: the PDB path (auditpol.pdb) and the auditpolcore imports listed below are consistent with the Windows auditpol utility, so the result should be confirmed by comparing the file's hashes with a known-good, signed copy from a reference system. The .reloc section listed under Sections (568KB of a 608KB file, flagged executable and writable as well as discardable) is worth checking against that same reference copy, since those characteristics are not what a relocation section normally carries.
resource 4d9393fdb71b316a98b5df71c52d82c0N.exe
Files
-
4d9393fdb71b316a98b5df71c52d82c0N.exe.exe windows:10 windows x64 arch:x64
90ac86a122e388fc7e7952289389e5b0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
msvcrt
_onexit
__dllonexit
_unlock
??1type_info@@UEAA@XZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
?terminate@@YAXXZ
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_purecall
_callnewh
malloc
_wcsnicmp
??_V@YAXPEAX@Z
_wsetlocale
_lock
__CxxFrameHandler3
_wcsicmp
??3@YAXPEAX@Z
wprintf
__iob_func
_vsnwprintf
auditpolcore
LoadFormatStringAndPrintToConsole
DisplayMessage
GetDisplayPolicy
AdtRemoveBasePolicy
AdtSetSystemPolicy
AdtRestorePolicy
AdtRemoveAllUsers
AdtEnableSinglePrivilege
AuditPolicyData_DeleteAuditDataInstance
SetDisplayPolicy
AdtParseGuidOrNameArray
AdtClearPolicy
AdtListCategories
AdtLoadStringEx
AdtGetOption
AdtSetPerUserPolicy
AdtBackupPolicy
AdtGetPerUserPolicy
AdtSetOption
DisplayMessageToSpecificConsoleHandle
AdtGetSystemPolicy
AdtParseAuditOptionName
AdtListSubCategories
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-security-lsalookup-l2-1-0
LookupAccountSidW
LookupAccountNameW
api-ms-win-security-base-l1-1-0
GetLengthSid
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
GetAclInformation
InitializeSecurityDescriptor
GetAce
EqualSid
DeleteAce
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-security-audit-l1-1-1
AuditQuerySecurity
AuditSetGlobalSaclW
AuditSetSecurity
AuditQueryGlobalSaclW
AuditEnumeratePerUserPolicy
api-ms-win-security-lsapolicy-l1-1-0
LsaClose
LsaFreeMemory
LsaLookupSids
LsaOpenPolicy
api-ms-win-security-audit-l1-1-0
AuditFree
api-ms-win-security-sddlparsecond-l1-1-0
LocalGetStringForCondition
ntdll
RtlNtStatusToDosError
RtlImageNtHeader
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 568KB - Virtual size: 572KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE