ea48d90150e1a752fbcfcf1fef6e3260N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ea48d90150e1a752fbcfcf1fef6e3260N.exe
Size

1.6MB
MD5

ea48d90150e1a752fbcfcf1fef6e3260
SHA1

50f5c754050e70866f4409a51c2fe35cd7241b44
SHA256

d44a2b42fde45b06644c7c0bc830aa8fdd16615b8e9cd7ba2a55115d344bffac
SHA512

d44c8073343688eef3e55b80efbc9f504e9792b11b58c31169bcb3f0aa10cc8c680395a56a1dc365d36393f4984b18a0fde938479497b5e0c5024c2bfac89972
SSDEEP

24576:/65CkAKLY1ZQWEHTviCal7hmAUA/JVjrEH7Gb:/ACv216HlgAUA/Jnb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea48d90150e1a752fbcfcf1fef6e3260N.exe

Files

ea48d90150e1a752fbcfcf1fef6e3260N.exe
.exe windows:4 windows x86 arch:x86

ff4e581887fa7bae3ddc888835f3aeb1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostname
gethostbyname
recv
WSAStartup
socket
WSAGetLastError
inet_addr
send
getsockname
getpeername
getsockopt
setsockopt
accept
listen
ioctlsocket
connect
htons
htonl
bind
shutdown
closesocket
WSACleanup

winmm

timeSetEvent
timeGetTime
PlaySoundA
timeKillEvent

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

userenv

ExpandEnvironmentStringsForUserA
DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

SetEvent
OpenEventA
GetExitCodeProcess
CreateEventA
OutputDebugStringA
SetCurrentDirectoryA
ResumeThread
CreateThread
CompareFileTime
GetFileTime
GetFileSize
CreateFileA
MoveFileExA
SetFileAttributesA
GetFileAttributesA
GetSystemTime
SetFilePointer
CreateDirectoryA
SetErrorMode
SetFileTime
SystemTimeToFileTime
FlushFileBuffers
SetEndOfFile
MoveFileA
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
SetThreadPriority
GetCurrentThread
GlobalUnlock
GlobalLock
GlobalAlloc
TerminateProcess
CreateProcessA
SetProcessShutdownParameters
GetLocalTime
TerminateThread
ResetEvent
WaitForMultipleObjects
LockResource
LoadResource
SizeofResource
FindResourceA
WriteConsoleA
GetStdHandle
Process32Next
AllocConsole
GlobalDeleteAtom
CreateToolhelp32Snapshot
GlobalAddAtomA
GlobalFree
HeapSize
ExitThread
PeekNamedPipe
GetFileInformationByHandle
GetCurrentDirectoryA
SetEnvironmentVariableA
GetCPInfo
HeapReAlloc
GetTimeZoneInformation
InterlockedDecrement
InterlockedIncrement
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetCommandLineA
SetStdHandle
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
RaiseException
TlsAlloc
DuplicateHandle
TlsSetValue
TlsFree
TlsGetValue
CreateSemaphoreA
ReleaseSemaphore
GetFileType
lstrcatA
lstrcmpiA
lstrcpynA
InterlockedExchange
GetProcessHeap
HeapAlloc
HeapFree
SetVolumeLabelA
DosDateTimeToFileTime
GetLocaleInfoA
GetFullPathNameA
GetVolumeInformationA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
lstrcpyA
GlobalGetAtomNameA
Process32First
GetVersionExA
GetSystemDirectoryW
lstrcatW
LoadLibraryW
CreateFileW
WaitNamedPipeW
GetCurrentProcessId
WriteFile
Sleep
ReadFile
MultiByteToWideChar
SetLastError
GetStringTypeA
GetStringTypeW
LCMapStringW
HeapDestroy
HeapCreate
ReleaseMutex
CreateMutexA
WaitForSingleObject
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
CreateFileMappingA
WritePrivateProfileSectionA
WritePrivateProfileStructA
GetPrivateProfileStructA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
OpenProcess
CloseHandle
WinExec
GetLastError
GetComputerNameA
GetVersion
GetSystemInfo
lstrlenA
GetTempPathA
CopyFileA
FreeLibrary
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
WideCharToMultiByte
EnterCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcess
GetProcessTimes
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetCurrentThreadId
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
MulDiv
VirtualFree
VirtualAlloc
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleOutputCP
WriteConsoleW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableW
GetLocaleInfoW
CompareStringA
CompareStringW
GetACP
GetOEMCP
LCMapStringA
FormatMessageA
RemoveDirectoryA

user32

LoadMenuA
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
EnableMenuItem
RemoveMenu
EnableWindow
GetKeyState
VkKeyScanA
ToAscii
GetAsyncKeyState
MapVirtualKeyA
SetRect
IsIconic
SetClipboardViewer
PeekMessageA
WaitMessage
ChangeClipboardChain
DestroyWindow
GetClipboardOwner
GetClipboardData
PostThreadMessageA
DestroyMenu
WindowFromPoint
EnumWindows
WaitForInputIdle
IsWindowVisible
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindow
GetWindowTextA
OpenDesktopA
EnumDesktopWindows
GetClassNameA
GetUpdateRect
BeginPaint
IntersectRect
DrawIconEx
EndPaint
DestroyIcon
mouse_event
GetKeyboardState
keybd_event
SetDlgItemInt
CheckDlgButton
IsDlgButtonChecked
GetDlgItemInt
ExitWindowsEx
RegisterWindowMessageA
GetProcessWindowStation
SetActiveWindow
MessageBeep
GetDesktopWindow
ChangeDisplaySettingsExA
GetIconInfo
EnumDisplaySettingsA
PostMessageA
DialogBoxParamA
EndDialog
SetWindowTextA
LoadStringA
GetWindowRect
InvalidateRect
GetDlgItemTextA
SetFocus
GetCursorPos
ScreenToClient
SetCursor
SetCapture
GetCaretBlinkTime
SetCaretBlinkTime
ReleaseCapture
MoveWindow
CallWindowProcA
GetParent
GetClientRect
SetDlgItemTextA
GetScrollInfo
GetDlgItem
SendDlgItemMessageA
SetForegroundWindow
wsprintfA
FindWindowA
GetWindowThreadProcessId
SystemParametersInfoA
MessageBoxA
GetForegroundWindow
SendMessageA
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
GetMessageA
TranslateMessage
DispatchMessageA
CloseDesktop
LoadIconA
LoadCursorA
RegisterClassExA
AdjustWindowRect
CreateWindowExA
GetWindowLongA
SetWindowLongA
ShowWindow
KillTimer
PostQuitMessage
SetTimer
DefWindowProcA
SetWindowPos
IsRectEmpty
LoadImageA
GetDC
GetSystemMetrics
ReleaseDC
OemToCharA
CharToOemA
wvsprintfA
FlashWindow

gdi32

GetBitmapBits
SelectPalette
RealizePalette
SetDIBColorTable
GdiFlush
CreateDIBSection
CreateCompatibleBitmap
GetDeviceCaps
GetPixel
GetObjectA
CreateFontIndirectA
BitBlt
ExtEscape
GetSystemPaletteEntries
SetROP2
MoveToEx
LineTo
GetRegionData
GetRgnBox
OffsetRgn
SetRectRgn
CombineRgn
CreateRectRgn
GetClipBox
DeleteDC
GetDIBits
CreateDCA
DeleteObject
StretchBlt
PatBlt
SelectObject
CreateSolidBrush
CreateCompatibleDC
CreatePalette
SetBkMode
GetStockObject

advapi32

CreateServiceA
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup
CloseServiceHandle
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
RegSetValueExA
CreateProcessAsUserA
LookupAccountSidA
RegCreateKeyA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenServiceA
QueryServiceStatus
DeleteService
RegCreateKeyExA
SetServiceStatus
DuplicateTokenEx
SetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken

shell32

SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

msvfw32

ord2

avifil32

AVIFileInit
AVIFileOpenA
AVIStreamWrite
AVIFileCreateStreamA
AVISaveOptions
AVISaveOptionsFree
AVIMakeCompressedStream
AVIStreamSetFormat
AVIStreamRelease
AVIFileRelease
AVIFileExit

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 628KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 796KB - Virtual size: 794KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff4e581887fa7bae3ddc888835f3aeb1

Headers

File Characteristics

Imports

wsock32

winmm

version

userenv

kernel32

user32

gdi32

advapi32

shell32

ole32

msvfw32

avifil32

imm32

Sections

.text Size: 628KB - Virtual size: 626KB

.rdata Size: 120KB - Virtual size: 116KB

.data Size: 16KB - Virtual size: 440KB

.rsrc Size: 796KB - Virtual size: 794KB

.text
Size: 628KB - Virtual size: 626KB

.rdata
Size: 120KB - Virtual size: 116KB

.data
Size: 16KB - Virtual size: 440KB

.rsrc
Size: 796KB - Virtual size: 794KB