884885ff4f24aed2094893c80cdffbb0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

884885ff4f24aed2094893c80cdffbb0N.exe
Size

7.9MB
MD5

884885ff4f24aed2094893c80cdffbb0
SHA1

87ea8023477551a4b8a2ea4a4c5be6671c68b640
SHA256

7df1d88e65b1c9ffb4cf4bd058f784ba753a88c51277b206c34fd3c4a101dafd
SHA512

689fc0aa5d0599a55cc1e87c9c92830f5e1f07a05397ba9f90775541e9d8fee9895b23b0222b25bc160387e63ef23c0e41fc56827a490c4ab41037904ff78034
SSDEEP

196608:Nkt9KiFmu5Snz12Bj9pmRD1nkGq655omCsIHnyuwtVOaiJMsPfObXnNDFcSOUi1:NpNu41+UDqBH7arNDFcSHi1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
884885ff4f24aed2094893c80cdffbb0N.exe

Files

884885ff4f24aed2094893c80cdffbb0N.exe
.exe windows:4 windows x86 arch:x86

f184c9f42e11f43fbb5f83aaaf3443b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW
SystemFunction036

bcrypt

BCryptGenRandom

comctl32

InitCommonControlsEx

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
DeleteDC
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectA
SelectObject
SetBkMode
SetDIBits
SetTextColor

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AllocConsole
CloseHandle
CompareFileTime
ConvertFiberToThread
ConvertThreadToFiberEx
CreateEventA
CreateFiberEx
CreateProcessA
CreateSemaphoreA
DeleteCriticalSection
DeleteFiber
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceA
FormatMessageA
FormatMessageW
FreeLibrary
FreeResource
GetACP
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileAttributesA
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount64
GetTickCount
GetVersion
InitializeCriticalSection
InitializeSRWLock
IsDBCSLeadByteEx
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalFree
LockResource
MoveFileExA
MulDiv
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleMode
SetConsoleScreenBufferSize
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepEx
SuspendThread
SwitchToFiber
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msimg32

AlphaBlend

msvcrt

__getmainargs
__initenv
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_access
_amsg_exit
_assert
_beginthreadex
_cexit
_close
_endthreadex
_errno
_exit
_fdopen
_fdopen
_filelengthi64
_fileno
_fileno
_fstat64
_fstati64
_initterm
_iob
_ismbblead
_lock
_lseeki64
_onexit
_open
_open_osfhandle
_read
_setjmp3
_setmode
_snwprintf
_stat
_stati64
_strdup
_strdup
_strtoi64
_sys_errlist
_sys_nerr
_strtoui64
_ultoa
_unlink
_unlock
_vsnprintf
_vsnwprintf
_wfopen
_write
abort
atoi
calloc
clock
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
freopen
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
getwc
gmtime
isspace
iswctype
localtime
isxdigit
localeconv
longjmp
malloc
memchr
memcpy
memmove
memset
memcmp
printf
putc
putwc
qsort
raise
realloc
remove
rename
setlocale
setvbuf
signal
sprintf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
strxfrm
time
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcscpy
wcsftime
wcslen
wcsstr
wcstombs
wcsxfrm

shell32

SHCreateDirectoryExA
ShellExecuteW

user32

CreateWindowExW
DefWindowProcW
DestroyWindow
DispatchMessageW
DrawTextW
FillRect
GetClientRect
GetDC
GetMessageW
GetMonitorInfoA
GetProcessWindowStation
GetUserObjectInformationW
GetWindowRect
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
MessageBoxA
MessageBoxW
MonitorFromWindow
PostMessageA
PostQuitMessage
RegisterClassExW
ReleaseDC
SendMessageA
SendMessageW
SetTimer
ShowWindow
SystemParametersInfoA
TranslateMessage
UpdateLayeredWindow

wldap32

ber_free
ldap_err2string
ldap_first_attribute
ldap_first_entry
ldap_get_dn
ldap_get_values_len
ldap_init
ldap_memfree
ldap_msgfree
ldap_next_attribute
ldap_next_entry
ldap_search_s
ldap_set_option
ldap_simple_bind_s
ldap_sslinit
ldap_unbind_s
ldap_value_free_len

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 793KB - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 801KB - Virtual size: 800KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f184c9f42e11f43fbb5f83aaaf3443b4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

comctl32

crypt32

gdi32

kernel32

msimg32

msvcrt

shell32

user32

wldap32

ws2_32

Sections

.text Size: 4.5MB - Virtual size: 4.5MB

.data Size: 24KB - Virtual size: 24KB

.rdata Size: 793KB - Virtual size: 792KB

.eh_fram Size: 801KB - Virtual size: 800KB

.bss Size: - Virtual size: 14KB

.idata Size: 11KB - Virtual size: 10KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.reloc Size: 148KB - Virtual size: 147KB

.text
Size: 4.5MB - Virtual size: 4.5MB

.data
Size: 24KB - Virtual size: 24KB

.rdata
Size: 793KB - Virtual size: 792KB

.eh_fram
Size: 801KB - Virtual size: 800KB

.bss
Size: - Virtual size: 14KB

.idata
Size: 11KB - Virtual size: 10KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.reloc
Size: 148KB - Virtual size: 147KB