ExeFile (291)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ExeFile (291).exe
Size

496KB
MD5

1c7859bc1a692b0b2a1708a939946e4f
SHA1

3dfbac1448e003d572dfffe8c60e172b76ab6a16
SHA256

b6a24e7bfbf044353d40863b1f63da760249344b453a267faeaeabd4b7ab6268
SHA512

713a8b19f6f03105be8931b8ae865136365aeaa91b42c76c773c5252e651a726eab309fdd6329ba2250b09cc30aeee52a801aa0e31710c06d2fcd57ec6af390c
SSDEEP

12288:TjL09PkEWKSlFCJQyLb1liRKbqh0DqH5wDcaYCefjR7:qfWKSGbIR8qhjaYCgjR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ExeFile (291).exe

Files

ExeFile (291).exe
.exe windows:5 windows x86 arch:x86

79e575d2c38e427e42e4cab6ec1255e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\proj\src\MyUtility\Release\Single.pdb

Imports

kernel32

FileTimeToLocalFileTime
GetCommandLineA
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetSystemTimeAsFileTime
ExitThread
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileA
RtlUnwind
RaiseException
HeapSize
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
VirtualAlloc
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryA
GetTimeZoneInformation
GetLocaleInfoA
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA
GetProcessHeap
lstrlenA
FileTimeToSystemTime
FindClose
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFindAtomW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalFree
LocalAlloc
CompareStringW
GlobalFlags
GlobalFree
GlobalUnlock
GetModuleHandleA
InterlockedDecrement
SetErrorMode
lstrlenW
GlobalDeleteAtom
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryA
GetProcAddress
FreeLibrary
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetTickCount
FormatMessageA
CloseHandle
SleepEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
Sleep
DeleteFileW
WideCharToMultiByte
CreateThread
WaitForSingleObject
GetLastError
CreateMutexW
GetCommandLineW
ExitProcess
GetModuleHandleW
GetModuleFileNameW
GetCurrentThread
SetThreadPriority
GetCurrentProcess
GetStartupInfoA
SetPriorityClass

user32

RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetMenuItemID
GetPropW
GetWindow
GetDlgCtrlID
GetWindowRect
GetWindowLongW
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
GetMenuItemCount
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
wsprintfW
MessageBoxW
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
PostQuitMessage
PostMessageW
SetPropW
DestroyMenu
LoadCursorW
GetSysColorBrush
ShowWindow
RegisterWindowMessageW
LoadIconW
GetClassLongW
WinHelpW
GetSubMenu
GetCapture

gdi32

DeleteObject
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
CreateBitmap
SaveDC

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW
SHChangeNotify

shlwapi

PathFindExtensionW
PathFindFileNameW
PathFileExistsW

oleaut32

VariantInit
VariantChangeType
VariantClear

ws2_32

send
recv
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
WSASetLastError
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
__WSAFDIsSet
select
ioctlsocket
gethostname
WSAGetLastError
WSAStartup
WSACleanup
setsockopt

wldap32

ord22
ord211
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord143
ord27
ord41
ord46
ord301

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79e575d2c38e427e42e4cab6ec1255e0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

ws2_32

wldap32

version

iphlpapi

Sections

.text Size: 361KB - Virtual size: 361KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 9KB - Virtual size: 24KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 39KB - Virtual size: 38KB

.text
Size: 361KB - Virtual size: 361KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 9KB - Virtual size: 24KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 39KB - Virtual size: 38KB