af455133fa3d73f0e8bdbe4bce096030N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

af455133fa3d73f0e8bdbe4bce096030N.exe
Size

71KB
MD5

af455133fa3d73f0e8bdbe4bce096030
SHA1

50a1ed8833ba3a8233f33a2fd4b599dd7aa6ca32
SHA256

9ae8f73daf8b5d802e3821896cc019efcb29d9d98705120644785267f35c5b6a
SHA512

2c8f6c112748bb1b782cbb84ed24253a3d8def089f60eb602bf89aab8c8e910304203973cbcff60eb1dc98bca3cbf2dc2d259c707938683f1be36e8f61c8e6b1
SSDEEP

1536:4yJwFmB+jVTEkrmL/eT4ThGvDoBPcKdkii5G:fSJ/KL/eT4T8boBBdkc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af455133fa3d73f0e8bdbe4bce096030N.exe

Files

af455133fa3d73f0e8bdbe4bce096030N.exe
.exe windows:5 windows x86 arch:x86

2ef98d303937b8d317d5ce3aea3e144e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetTickCount
GetLastError

trfo-2

TfReadFileIntoBuffer
TfFree
TfWriteBufferIntoFile
TfStrICmp

trch-1

Parameter_U32_getValue
Parameter_LocalFile_getValue
Parameter_Port_getValue
Parameter_IPv4_getValue
Params_findParameter
Parameter_S16_getValue
Params_findParamchoice
Paramchoice_getValue
Parameter_String_getValue

tucl-1

TcLog

ws2_32

inet_addr
inet_ntoa
htons

coli-0

mainWrapper
coli_setProcess
coli_setID
coli_setCleanup
coli_delete
coli_create
coli_setValidate

tibe-2

TbPutAlign
TbPutLong
TbPutBuff
TbWinsockStartup
TbFreeStructBuffers
TbFinishSocket
TbCleanSB
TbDoSmbPacket
TbMakeSmbHeader
TbPutTransact
TbPutShort
TbPutByte
TbSetRemoteSocketData
TbMakeSocket
TbSetAuthenticationData
TbDoSmbStartup
TbInitStruct

cnli-1

CNEString_strstr
CNEString_vsnprintf
byteSwapShort
CNEMem_cleanNClearNDestroyPointer
CNESocket_close
CNEMem_cleanNClear
CNESocket_send
CNESocket_recv
CNESocket_getOSError
CNESocket_create
byteSwapLong
CNE_allocateCleanMemoryFunc
CNEString_strlen
CNESystemWin_sleep
CNESocket_connect

xdvl-0

XDevLib_generateRandomSequence
XDevLib_xorMask

ssleay32

ord96
ord172
ord12
ord21
ord75
ord87
ord43
ord48
ord8
ord108
ord78
ord58
ord183

msvcrt

_controlfp
?terminate@@YAXXZ
_unlink
memset
memcpy
srand
memmove
__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2ef98d303937b8d317d5ce3aea3e144e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

trfo-2

trch-1

tucl-1

ws2_32

coli-0

tibe-2

cnli-1

xdvl-0

ssleay32

msvcrt

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 19KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 29KB - Virtual size: 30KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 29KB - Virtual size: 30KB