Static task
static1
Behavioral task
behavioral1
Sample
5833940b48ae45cdc1d50f52e734ee30N.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
5833940b48ae45cdc1d50f52e734ee30N.exe
Resource
win10v2004-20240802-en
General
Target: 5833940b48ae45cdc1d50f52e734ee30N.exe
Size: 170KB
MD5: 5833940b48ae45cdc1d50f52e734ee30
SHA1: 5da0f9294e1a62125f4c81740dde14d55cb4a4ae
SHA256: da804dbb1d81d69a84004c380b5cf42c3548e3bc32a09a8c1984ac31d956ae4f
SHA512: 679f3bedd6bdf9844156f983f44650846bf77b9d977ec03059dcc4bd1b3e8cbcd3ee16bfd6daa46d5432c568af182e6acce897fdc54de91143b58e45ce33c95e
SSDEEP: 3072:cJpOm5axh63laEo+pXX1pQD2UCohD8mxLCj+5cmeDye42L712xrpdJ8xLeb7Ur:iAm5oh63laEo+pXX1pkF8mxeq5+4m71/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5833940b48ae45cdc1d50f52e734ee30N.exe
Files
5833940b48ae45cdc1d50f52e734ee30N.exe.exe windows:5 windows x86 arch:x86
ad8cfaedfc9fbc8b4528ded802c9cbd0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteFile
ReadFile
CreateMailslotA
SetEvent
CreateEventA
GetCurrentProcessId
GlobalLock
GlobalUnlock
LoadLibraryA
GetLogicalDrives
GetDiskFreeSpaceExA
CompareStringW
GetStringTypeW
HeapSize
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsProcessorFeaturePresent
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreatePipe
GetFileAttributesA
LCMapStringW
CreateFileA
GetOEMCP
GetACP
GetComputerNameA
GetFileTime
GetDriveTypeA
SetFileTime
GetTickCount
OpenFile
IsDebuggerPresent
GetSystemTime
GetLocalTime
LocalFree
GetVersionExA
GetModuleHandleA
GlobalMemoryStatusEx
GlobalFree
GetProcAddress
GetLastError
GlobalAlloc
GetCurrentProcess
CreateThread
CreateToolhelp32Snapshot
GetModuleFileNameA
Process32Next
TerminateProcess
CreateProcessA
TerminateThread
OpenProcess
WaitForSingleObject
Process32First
SetErrorMode
EndUpdateResourceA
EnumResourceNamesA
LoadLibraryExA
BeginUpdateResourceA
LockResource
GetBinaryTypeA
UpdateResourceA
LoadResource
FreeLibrary
FreeResource
FindResourceA
OpenFileMappingA
CloseHandle
UnmapViewOfFile
MapViewOfFile
GetCPInfo
LoadLibraryW
CreateFileW
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
HeapCreate
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
SetFilePointer
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
IsValidCodePage
SetFileAttributesA
RtlUnwind
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DuplicateHandle
GetFullPathNameA
GetDriveTypeW
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
CreateDirectoryA
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileExA
HeapFree
HeapAlloc
HeapReAlloc
DeleteFileA
GetModuleHandleW
ExitProcess
DecodePointer
Sleep
MultiByteToWideChar
FindNextFileA
user32
GetWindowThreadProcessId
GetKeyboardLayout
GetWindowTextA
GetForegroundWindow
CallNextHookEx
GetKeyState
UnhookWindowsHookEx
DispatchMessageA
SetWindowsHookExA
EmptyClipboard
CloseClipboard
ReleaseDC
GetDC
MessageBoxA
IsWindowVisible
TranslateMessage
GetDesktopWindow
EnumWindows
GetWindowRect
SetClipboardData
OpenClipboard
GetMessageA
GetClipboardData
gdi32
CreateCompatibleBitmap
CreateDIBSection
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
advapi32
FreeSid
RegEnumKeyA
RegOpenKeyA
LookupAccountSidW
ConvertStringSidToSidA
OpenSCManagerA
StartServiceA
CreateServiceA
ChangeServiceConfig2A
DeleteService
CloseServiceHandle
OpenServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CheckTokenMembership
SetSecurityDescriptorDacl
AllocateAndInitializeSid
GetTokenInformation
ConvertSidToStringSidA
OpenProcessToken
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetKernelObjectSecurity
InitializeSecurityDescriptor
shell32
ShellExecuteA
ole32
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeEx
oleaut32
VariantClear
VariantInit
shlwapi
SHDeleteKeyA
wininet
InternetReadFile
HttpOpenRequestA
InternetGetConnectedState
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetConnectA
winmm
mciSendStringA
wsock32
recv
htons
WSAStartup
connect
send
gethostbyname
closesocket
socket
iphlpapi
GetAdaptersInfo
gdiplus
GdiplusStartup
GdipSaveImageToFile
GdiplusShutdown
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
mpr
WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceA
netapi32
NetUserAdd
NetLocalGroupAddMembers
Sections
.text Size: 127KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ