e52c7ee2e12c78f79dd30bdb02a7e1e0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

e52c7ee2e12c78f79dd30bdb02a7e1e0N.exe
Size

128KB
MD5

e52c7ee2e12c78f79dd30bdb02a7e1e0
SHA1

19d9915e89e84c9bb9e7f61eac8b0827e0036b23
SHA256

204fce7d9d970626371d8d20cd7be20cc2163bdb3fd1a649d628531a15c60bca
SHA512

6d8d8dd7ab3d1ae37b8a5cca76ec881116fb27ea789c427f1aa3150f9f5423e57349894a84bd4594141f75d57ebe696db9c900618a1b6ede6e82b60287917220
SSDEEP

3072:e7EDwoxqKMbGezpqCZjAQcu7sJcEUyOaeG30zVZtFPk3:eQEKs0CZEQcUxEUyOaeG3iF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e52c7ee2e12c78f79dd30bdb02a7e1e0N.exe

Files

e52c7ee2e12c78f79dd30bdb02a7e1e0N.exe
.dll regsvr32 windows:4 windows x86 arch:x86

21ad36a97e8dc35356021d0f41fb9309

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
WaitForSingleObject
OpenProcess
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
WideCharToMultiByte
SetFilePointer
InterlockedExchange
MultiByteToWideChar
GlobalFree
DisableThreadLibraryCalls
GetCurrentThreadId
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
MapViewOfFile
CreateFileMappingA
SetEndOfFile
GetTempPathA
OpenFileMappingA
UnmapViewOfFile
GetPrivateProfileStringA
GetPrivateProfileIntA
ExitProcess
GetModuleHandleA
Module32Next
Module32First
VirtualQuery
WriteProcessMemory
lstrcmpiA
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LocalFree
GetModuleFileNameA
GetCommandLineA
CreateThread
CreateEventA
GetLastError
GetLocalTime
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32First
Process32Next
CreateProcessA
SetEvent
Sleep
TerminateThread
GetModuleFileNameW
CreateFileA
CloseHandle
WriteFile
DeleteFileA
GlobalAlloc

user32

GetSystemMetrics
PostMessageA
KillTimer
SetWindowLongA
MoveWindow
wvsprintfW
SendMessageA
EndDialog
BringWindowToTop
CreateWindowExA
SetTimer
GetDesktopWindow
ShowWindow
CallNextHookEx
UnhookWindowsHookEx
GetMessageA
TranslateMessage
DestroyWindow
SetWindowsHookExA
MessageBoxA
GetWindowThreadProcessId
wvsprintfA
DispatchMessageA
SetForegroundWindow

advapi32

CreateProcessAsUserA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyW
RegOpenKeyExW
OpenProcessToken

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
LoadRegTypeLi
SysStringLen
VariantClear
DispCallFunc

atl

ord23
ord21
ord10
ord15
ord18
ord57
ord47
ord38
ord43
ord58
ord30
ord32
ord44
ord31
ord11
ord16

msvcp60

??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ

iphlpapi

GetAdaptersInfo

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

msvcrt

_purecall
strlen
??2@YAPAXI@Z
memcmp
wcsncpy
memcpy
memset
strcpy
rand
srand
time
sprintf
_except_handler3
atoi
tolower
strcmp
toupper
wcscpy
wcslen
fclose
fread
ftell
fseek
fopen
free
__dllonexit
_onexit
_initterm
malloc
_adjust_fdiv
_itoa
_CxxThrowException
??1type_info@@UAE@XZ

ws2_32

inet_addr
htons
WSCWriteProviderOrder
WSCInstallProvider
send
gethostbyname
WSACleanup
WSAStartup
WSCEnumProtocols
htonl
socket
WSAGetLastError
connect
WSCDeinstallProvider
closesocket
recv
WSCGetProviderPath

wininet

FindNextUrlCacheEntryA
FindCloseUrlCache
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA

imagehlp

ImageDirectoryEntryToData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetYzInterface
WSPStartup

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21ad36a97e8dc35356021d0f41fb9309

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl

msvcp60

iphlpapi

version

msvcrt

ws2_32

wininet

imagehlp

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 10KB

Shared Size: 4KB - Virtual size: 202B

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 10KB

Shared
Size: 4KB - Virtual size: 202B

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 7KB