dba9134b3217274cd0f4ee07a800b8e0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

dba9134b3217274cd0f4ee07a800b8e0N.exe
Size

357KB
MD5

dba9134b3217274cd0f4ee07a800b8e0
SHA1

224d2112f51d4744cde37080a6e2b2bc01a3c701
SHA256

f5bc190e9375c8f39a113db3f40ebbf95bf9c713e31d1b365720b616fc254c0f
SHA512

17d4df2d330397fb6859cd4354a9640b9ddd13e8e4f04b6b198b5983be6b508ee03ff6bdf6f3dbf8404a4b12f8c0164e36e1694e48e58744cb8fef5e8a51f55b
SSDEEP

6144:euvh/NB4UbnaV7KBHaHt3PsBmXngcUsERRvbQBTpXr360cIBaTsV+PYQRp3S2aSl:b/NB9jaV7KBHaHtfsBmXrUtFbQG0VgPj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dba9134b3217274cd0f4ee07a800b8e0N.exe

Files

dba9134b3217274cd0f4ee07a800b8e0N.exe
.exe windows:4 windows x86 arch:x86

71de29e4d2a83548374f60741ffd0927

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendCommandA
sndPlaySoundA
waveOutGetVolume
waveOutGetDevCapsA
waveOutSetVolume
auxGetDevCapsA
auxGetNumDevs
auxGetVolume
auxSetVolume
mciSendStringA

wsock32

WSAStartup
ioctlsocket
htons
bind
gethostbyaddr
shutdown
connect
accept
WSAAsyncSelect
closesocket
socket
select
send
gethostname
getservbyport
htonl
inet_addr
ntohs
getpeername
listen
recv
gethostbyname

wininet

InternetSetDialState
FtpPutFileA
InternetConnectA
FtpFindFirstFileA
FtpGetFileA
InternetHangUp
InternetReadFile
InternetDial
InternetOpenA
InternetTimeFromSystemTime
InternetOpenUrlA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetSetFilePointer

kernel32

FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadWritePtr
ExitProcess
GetFileType
SetFilePointer
SetConsoleCtrlHandler
WinExec
_lclose
_lwrite
SetHandleCount
RtlUnwind
GetModuleFileNameA
GetTempFileNameA
_lopen
FindFirstFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
CloseHandle
lstrcpyA
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetLastError
GetCurrentProcess
TerminateProcess
OpenProcess
MoveFileA
GetTempPathA
_lread
GetFileSize
Sleep
GetCommandLineA
HeapValidate
GetStartupInfoA
GetTickCount
CreateEventA
FreeLibrary
LoadLibraryA
GetDriveTypeA
GetLogicalDrives
_lcreat
DeleteFileA
SetFileTime
SystemTimeToFileTime
GetLocalTime
GetCurrentProcessId
GetVersionExA
SetFileAttributesA
CopyFileA
GetFileTime
FindClose
RemoveDirectoryA
CreateDirectoryA
GetDiskFreeSpaceA
GetVolumeInformationA
SetVolumeLabelA
SetComputerNameA
SetSystemTime
GetSystemTime
CreateThread
LocalAlloc
GlobalFree
WriteFile
CreateFileA
Beep
GetCPInfo
GetSystemDirectoryA
SetEndOfFile
GetACP
GetOEMCP
SetStdHandle
GetStdHandle
GetVersion
DebugBreak
InterlockedIncrement
InterlockedDecrement
OutputDebugStringA
HeapFree
HeapAlloc
HeapReAlloc
VirtualFree
HeapDestroy
HeapCreate
GetStringTypeA
VirtualAlloc
MultiByteToWideChar
GlobalLock
LCMapStringW
GetStringTypeW
FlushFileBuffers
LCMapStringA
GlobalAlloc
UnhandledExceptionFilter
_llseek
FindNextFileA
FileTimeToSystemTime
GetWindowsDirectoryA

user32

EnumChildWindows
mouse_event
GetCursorPos
keybd_event
VkKeyScanA
GetSystemMetrics
LoadImageA
MessageBoxA
wvsprintfA
FindWindowA
GetKeyState
CallNextHookEx
GetKeyNameTextA
SystemParametersInfoA
GetDlgItem
SetFocus
SetActiveWindow
SetForegroundWindow
ClipCursor
CreateDialogParamA
SetWindowTextA
IsCharAlphaNumericA
GetForegroundWindow
GetDesktopWindow
ExitWindowsEx
SwapMouseButton
EnableWindow
GetActiveWindow
SetDlgItemTextA
SetWindowsHookExA
UnhookWindowsHookEx
WindowFromPoint
SetCursorPos
DispatchMessageA
TranslateMessage
UpdateWindow
CloseWindow
IsWindowVisible
GetDlgItemTextA
BringWindowToTop
GetCapture
IsCharAlphaA
CharToOemA
IsWindow
GetClassNameA
SendMessageA
FrameRect
LoadIconA
DrawIcon
LoadCursorA
CreateWindowExA
ShowWindow
GetDC
SetWindowPos
DrawTextA
FillRect
ReleaseDC
SetTimer
CopyRect
WindowFromDC
GetWindowRect
KillTimer
DestroyWindow
BeginPaint
GetClientRect
EndPaint
DefWindowProcA
GetWindowThreadProcessId
GetWindowTextA
EnumWindows
PostMessageA
GetMessageA
IsWindowEnabled
RegisterClassA

gdi32

RestoreDC
MoveToEx
CreatePen
SelectObject
SetBkMode
SetTextColor
GetTextExtentPoint32A
CreateSolidBrush
SetBkColor
CreateFontIndirectA
StretchBlt
CreateCompatibleDC
GetStockObject
UpdateColors
GetObjectA
Rectangle
BitBlt
CreateCompatibleBitmap
GetDIBits
CreateDCA
GetDeviceCaps
DeleteObject
LineTo
SaveDC

advapi32

RegOpenKeyA
RegEnumValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
OpenProcessToken
RegQueryInfoKeyA
LookupPrivilegeValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
GetUserNameA
AdjustTokenPrivileges

shell32

ShellExecuteA

Sections

.text
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71de29e4d2a83548374f60741ffd0927

Headers

File Characteristics

Imports

winmm

wsock32

wininet

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 276KB - Virtual size: 274KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 48KB - Virtual size: 188KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 276KB - Virtual size: 274KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 48KB - Virtual size: 188KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 20KB - Virtual size: 16KB