9b151f3c03974764c0cf75ec1ea7a5b0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

9b151f3c03974764c0cf75ec1ea7a5b0N.exe
Size

148KB
MD5

9b151f3c03974764c0cf75ec1ea7a5b0
SHA1

97c8b8abd31c9a65ffbb1377adab90dc8e48eb35
SHA256

d6e24f700572342e00a92dd03e946128cb76d2d021a7e0045c934855b3cdeba8
SHA512

9b234ebf684243047f8c156b7c9a00af8f838fac51f6bce58bb3383d771b85f3aac059c615a34e4e201e2cfd697e7ab1d47d4c9264a2f55fc4df69bd45470c72
SSDEEP

1536:rwNviKXA7O/MqWVI7ajhPaV4BRhouSIhSRIHRwvLMENx61XCedv8FkP9HQbVFN:MNXA7OwVFIUyuS/gRYRCXHdvSE9Hi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b151f3c03974764c0cf75ec1ea7a5b0N.exe

Files

9b151f3c03974764c0cf75ec1ea7a5b0N.exe
.exe windows:4 windows x86 arch:x86

c7135f4e286be3bd0f7aa6688fb737d6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

EnumPrintProcessorsW
EndPagePrinter
AddPrintProvidorA
EnumPrinterDriversA
AddMonitorW
DeletePrinterDriverExW
OpenPrinterW
EndDocPrinter
GetPrinterDataW
SetPrinterDataA
FreePrinterNotifyInfo
DeleteMonitorA
PrinterProperties
ScheduleJob
ReadPrinter
SetPrinterDataExW
SetPrinterDataExA
AdvancedDocumentPropertiesA

user32

CreateDialogParamA
UnregisterHotKey
DrawStateA
GetDialogBaseUnits
GetMenuState
EnumClipboardFormats
DdeFreeDataHandle
CharLowerBuffW
DlgDirListComboBoxA
DefDlgProcA
DdeConnectList
GetCaretBlinkTime
SetClassLongW
DdeUnaccessData
CreateCaret
DrawCaption
ValidateRect
DestroyCursor
OpenWindowStationA
DdeSetQualityOfService
NotifyWinEvent
GetKeyboardLayout
DrawTextExW
TrackPopupMenu
GetClipboardData
InsertMenuItemW
GetKeyboardLayoutList
GetWindowModuleFileNameA
OpenInputDesktop
EnableWindow

rpcns4

RpcIfIdVectorFree

rasapi32

RasGetCountryInfoW
RasEnumConnectionsA
RasGetConnectStatusA
RasCreatePhonebookEntryA
RasEditPhonebookEntryA

msvcrt

__p__commode
__p__fmode
_adjust_fdiv
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_except_handler3
__set_app_type

rpcrt4

RpcAsyncAbortCall
NdrServerContextUnmarshall
I_RpcFreePipeBuffer
RpcServerUseProtseqIfW
I_RpcGetBuffer
RpcBindingServerFromClient
NdrMesTypeDecode
NdrFixedArrayFree
RpcBindingInqAuthInfoExW
NdrNonConformantStringBufferSize
I_RpcFreeBuffer
NdrUserMarshalMarshall
IUnknown_QueryInterface_Proxy
RpcSsDestroyClientContext
RpcMgmtInqStats
RpcBindingInqOption
RpcSsEnableAllocate
NdrPointerMemorySize
NdrFullPointerQueryRefId
I_RpcAsyncSetHandle
NdrContextHandleSize
NDRSContextMarshallEx
RpcServerInqBindings
I_RpcPauseExecution
RpcBindingInqAuthClientA

msi

ord46
ord22
ord169
ord19
ord165
ord43
ord15
ord49
ord56
ord8

winmm

mciGetErrorStringW
midiOutPrepareHeader
midiOutGetDevCapsA
waveOutGetPosition
waveOutClose
mixerClose
mixerGetControlDetailsW
PlaySoundW
PlaySoundA
waveInReset
midiInAddBuffer
midiInOpen
mmioInstallIOProcA
midiOutCacheDrumPatches

mpr

WNetGetNetworkInformationA
WNetUseConnectionW
WNetGetProviderNameA
WNetDisconnectDialog1A
WNetCancelConnectionA
WNetEnumResourceW
WNetConnectionDialog
WNetCancelConnection2A
WNetGetConnectionA
MultinetGetConnectionPerformanceA

kernel32

GetProcessHeaps
GetUserDefaultLCID
FileTimeToSystemTime
GetStartupInfoA
GetModuleHandleA
GlobalUnlock
GetCommandLineA
CreateTapePartition
GetTempFileNameA
CreateToolhelp32Snapshot
GetConsoleOutputCP
GetLongPathNameW
EnumTimeFormatsW
CreateMutexA
GlobalMemoryStatus
GetAtomNameW
FindFirstFileA
GetCommandLineW
GetFileAttributesExA
CreateNamedPipeW
EnumSystemCodePagesA

urlmon

IsValidURL
CoInternetParseUrl
UrlMkGetSessionOption

setupapi

SetupGetFieldCount

resutils

ResUtilVerifyPrivatePropertyList
ResUtilGetDwordProperty
ResUtilGetProperties

gdi32

GetEnhMetaFilePaletteEntries

comctl32

ImageList_DragEnter
ImageList_Draw
ord4
ImageList_DragLeave
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_Add
ord6
ImageList_Write
FlatSB_SetScrollRange
InitializeFlatSB
ord13
ImageList_EndDrag
ImageList_DragShowNolock
FlatSB_SetScrollInfo
ImageList_Destroy
ImageList_GetImageInfo
ImageList_LoadImageA

oleaut32

VarI2FromCy
VarUI1FromI2

clusapi

DeleteClusterGroup
EvictClusterNode
GetClusterNetworkKey
OpenClusterNode

version

VerFindFileA

wininet

GopherOpenFileA
FtpFindFirstFileW
InternetReadFileExA
DeleteUrlCacheEntry
InternetQueryDataAvailable
GetUrlCacheEntryInfoExW
GopherFindFirstFileA
FtpRemoveDirectoryW
RetrieveUrlCacheEntryFileA
InternetSetOptionExW
FindFirstUrlCacheEntryExW
InternetGetConnectedState
InternetConnectA
InternetOpenUrlA
GetUrlCacheEntryInfoExA

advapi32

GetTrusteeTypeA
CreateServiceA
RegOverridePredefKey
AreAnyAccessesGranted

lz32

LZOpenFileW
LZCopy

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata�r
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7135f4e286be3bd0f7aa6688fb737d6

Headers

File Characteristics

Imports

winspool.drv

user32

rpcns4

rasapi32

msvcrt

rpcrt4

msi

winmm

mpr

kernel32

urlmon

setupapi

resutils

gdi32

comctl32

oleaut32

clusapi

version

wininet

advapi32

lz32

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata�r Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 240KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 88KB - Virtual size: 85KB

.rdata�r
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 240KB

.rsrc
Size: 4KB - Virtual size: 1KB