48f89ab796512e992c102ff8725d24c0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

48f89ab796512e992c102ff8725d24c0N.exe
Size

460KB
MD5

48f89ab796512e992c102ff8725d24c0
SHA1

9036361fb22a02bdf7da16eb515fa60e4359e16b
SHA256

121d5c2fe9ddd0d558f7bc8e015907dbe5e5b97f58a85ed50aa01ceeffc88769
SHA512

ada77100bb85312e5b1010588ae7e354dcc86276b215dd018cc889a07a3721bf7f6f3fa2b0f616e8391a5961da2d54c8a90a5597e6c3b64ad7a1469f192edb9f
SSDEEP

12288:7ulkTN0odqnuGqnu5qnuVqnu7qnuEqnuY4uOZqnucqnuW:7uUNfd+uG+u5+uV+u7+uE+uY4uOZ+uc4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48f89ab796512e992c102ff8725d24c0N.exe

Files

48f89ab796512e992c102ff8725d24c0N.exe
.exe windows:4 windows x86 arch:x86

39ec60dfad123afaedcff1700683c46f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetVolumeInformationA
GetVersionExA
GetCurrentProcess
CreateDirectoryA
LocalFree
LocalAlloc
GetCurrentThread
SizeofResource
LockResource
LoadResource
FindResourceA
SetCurrentDirectoryA
GetCurrentProcessId
CreateMutexA
ReleaseMutex
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
HeapSize
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetOEMCP
lstrcpynA
GetTempPathA
GetTempFileNameA
EnumResourceNamesA
GetModuleHandleA
ReadFile
SetFilePointer
GetVersion
lstrlenW
Sleep
WideCharToMultiByte
SetLastError
GetCurrentDirectoryA
lstrcatA
lstrcpyA
CopyFileA
SetFileAttributesA
CreateThread
WaitForSingleObject
TerminateThread
DeleteFileA
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenA
MultiByteToWideChar
GetSystemDirectoryA
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
CreateFileA
WriteFile
GetLastError
CloseHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
CompareStringW
CompareStringA
GetCPInfo
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedIncrement
InterlockedDecrement
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetSystemTimeAsFileTime
GetCommandLineA
GetProcessHeap
GetStartupInfoA
LCMapStringA
LCMapStringW

user32

SendMessageA
LoadBitmapA
wsprintfA
GetDesktopWindow
BeginPaint
GetDlgItem
ShowWindow
LoadIconA
DialogBoxParamA
MessageBoxA
SetWindowTextA
GetDlgItemTextA
EndDialog
SetFocus
SetDlgItemTextA
EndPaint

gdi32

SelectObject
GetObjectA
BitBlt
DeleteObject
DeleteDC
CreateCompatibleDC

advapi32

RegOpenKeyExA
CreateServiceA
StartServiceA
DeleteService
OpenSCManagerA
CloseServiceHandle
OpenThreadToken
DuplicateToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
FreeSid
OpenProcessToken
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCloseKey
LookupAccountNameA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

shell32

ShellExecuteA

ole32

CoTaskMemFree

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString

wsock32

WSAGetLastError
ioctlsocket
inet_addr
gethostbyname
WSAStartup
gethostname

Sections

.text
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39ec60dfad123afaedcff1700683c46f

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wsock32

Sections

.text Size: 184KB - Virtual size: 182KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 84KB - Virtual size: 90KB

.rsrc Size: 124KB - Virtual size: 122KB

.text
Size: 184KB - Virtual size: 182KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 84KB - Virtual size: 90KB

.rsrc
Size: 124KB - Virtual size: 122KB