15c6632372d972c90d68630c080b53b0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

15c6632372d972c90d68630c080b53b0N.exe
Size

2.2MB
MD5

15c6632372d972c90d68630c080b53b0
SHA1

a7f814f2ce6b3dd23bbf3291c99434f04d8131b3
SHA256

78f93e2b8e0c64885111066414722329d65e071fc9cab77efbd8d17305f6ddc2
SHA512

a5f2b88be24700ae1049e7c30e57c67ca54657de2df2bf3737dbb959d53f310d631938cddffccbc2d8a01a0723497f61df5b04908376b10a22f23201dbffd2f2
SSDEEP

49152:w9iR1wZWx7qZymLUuF+8X0Dnkb9fQcs0xw3:w0R1jeNUuFHkDkb2x3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15c6632372d972c90d68630c080b53b0N.exe

Files

15c6632372d972c90d68630c080b53b0N.exe
.exe windows:5 windows x86 arch:x86

bba6337e2d0a503ba98e9cb74d7e5ef3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\tmpclient\client\InstallStub\Release\PlaxoHelper.pdb

Imports

setupapi

SetupIterateCabinetW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

wininet

InternetCloseHandle
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetSetCookieA
InternetGetCookieW

ws2_32

ntohl
htonl
htons
ntohs

shlwapi

AssocQueryStringW

kernel32

Sleep
GetComputerNameW
CreateThread
GetProcAddress
LoadLibraryW
FreeLibrary
GetTempPathW
RaiseException
MultiByteToWideChar
OutputDebugStringW
CreateEventW
MoveFileW
GetSystemDirectoryW
GetModuleHandleW
lstrlenA
InterlockedIncrement
lstrcmpiW
FindClose
FindNextFileW
CreateProcessW
FindFirstFileW
LoadLibraryExW
SetEvent
SizeofResource
LoadResource
FindResourceW
GetModuleFileNameW
DeleteFileW
GetFileSize
CreateFileW
CopyFileW
ResetEvent
GetCommandLineW
MulDiv
ExpandEnvironmentStringsW
ReleaseMutex
CreateMutexW
FlushInstructionCache
GetCurrentProcess
lstrcmpW
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
SetLastError
LockResource
DebugBreak
GetTickCount
ReadFile
RemoveDirectoryW
CreateDirectoryW
GetDriveTypeW
GetDiskFreeSpaceExW
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetCurrentProcessId
SetEndOfFile
WriteFile
SetFilePointer
OpenProcess
LoadLibraryA
GetVersionExW
WaitForSingleObject
HeapFree
HeapAlloc
GetModuleFileNameA
HeapDestroy
HeapCreate
GetSystemTimeAsFileTime
WaitForMultipleObjects
GetExitCodeProcess
GetFileAttributesW
FormatMessageW
OutputDebugStringA
GetSystemPowerStatus
QueryPerformanceCounter
LocalFree
SetUnhandledExceptionFilter
GetProcessHeap
IsBadWritePtr
ReadProcessMemory
IsBadReadPtr
lstrcpynW
IsBadCodePtr
GetCurrentThread
GetModuleHandleA
TlsAlloc
TlsGetValue
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetEnvironmentVariableW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitProcess
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
CloseHandle
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
InterlockedDecrement
GetLastError
TlsSetValue
TlsFree
CreateFileA
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetFullPathNameW
GetCurrentDirectoryA
SetHandleCount
GetFileType
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStringTypeExW
GetStdHandle
TerminateProcess
GetTimeZoneInformation

user32

MsgWaitForMultipleObjectsEx
CallMsgFilterW
PostQuitMessage
GetKeyState
PeekMessageW
CharLowerW
wvsprintfW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
RegisterWindowMessageW
SendDlgItemMessageW
DestroyCursor
TrackMouseEvent
SetCursor
LoadImageW
wsprintfW
CreateAcceleratorTableW
RegisterClassExW
GetClassInfoExW
IsWindow
GetFocus
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcW
ReleaseCapture
GetClassNameW
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ScreenToClient
SetLastErrorEx
MoveWindow
GetSysColor
KillTimer
DrawTextW
FindWindowExW
SetForegroundWindow
FindWindowW
UnregisterClassW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
GetWindowLongW
SetWindowLongW
FillRect
DefWindowProcW
GetDC
ReleaseDC
SendMessageW
EnableWindow
SetWindowTextW
GetClientRect
InvalidateRect
ShowWindow
GetWindowRect
GetSystemMetrics
SetWindowPos
DestroyWindow
GetDesktopWindow
MessageBoxW
CharNextW
DialogBoxParamW
SetFocus
EndDialog
GetDlgItem
GetWindowTextLengthW
GetWindowTextW
GetWindowPlacement
PostMessageW
PostThreadMessageW
LoadStringW
ClientToScreen
UnregisterClassA
SetTimer

gdi32

SetWindowOrgEx
SetBkColor
SetTextColor
GetWindowExtEx
SetWindowExtEx
GetViewportExtEx
DeleteObject
GetStockObject
CreateFontIndirectW
GetDeviceCaps
SetPixel
GetClipBox
CreateSolidBrush
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetObjectW
SetViewportExtEx

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
GetUserNameW

shell32

SHFileOperationW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW
SHGetPathFromIDListW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize

oleaut32

SysAllocStringLen
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
DispCallFunc
SysStringLen
SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
OleLoadPicture
VarUI4FromStr
SysAllocString
SafeArrayDestroy

Exports

Exports

_AddCrashHandlerLimitModule@4
_BSUGetModuleBaseName@16
_BSUGetModuleFileNameEx@20
_BSUSymInitialize@16
_GetFaultReason@4
_GetFaultReasonVB@12
_GetFirstStackTraceString@8
_GetFirstStackTraceStringVB@16
_GetLimitModuleCount@0
_GetLimitModulesArray@8
_GetLoadedModules@16
_GetNextStackTraceString@8
_GetNextStackTraceStringVB@16
_GetRegisterString@4
_GetRegisterStringVB@12
_IsNT@0
_SetCrashHandlerFilter@4

Sections

.text
Size: 529KB - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bba6337e2d0a503ba98e9cb74d7e5ef3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

version

wininet

ws2_32

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 529KB - Virtual size: 529KB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 16KB - Virtual size: 31KB

.rsrc Size: 88KB - Virtual size: 87KB

.text
Size: 529KB - Virtual size: 529KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 88KB - Virtual size: 87KB