5868ffc6824fcd8c99349ac108d4a7c0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5868ffc6824fcd8c99349ac108d4a7c0N.exe
Size

3.0MB
MD5

5868ffc6824fcd8c99349ac108d4a7c0
SHA1

aa8e6ba7d6f0814f807341ef902d8c506ceb0337
SHA256

809de76a0ca300d3f7af1fa03ab11c47a3d3f39d958952c165431a734e41cb10
SHA512

b566185decf53b7aedbee4efaabf9fdc4aa724a4aa06e5b1c461da9b1b153b71e73d24095d991932dc95c2e0e6e44f1a851e806830bc1b15495a3caf9479774b
SSDEEP

49152:QnOanH4oc6/1/ErT8Ir9GKBuRNnfibUpf2GQqMIBqpiwIicS5ctb:QOadErwdKQRNnfi8PQ2SC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5868ffc6824fcd8c99349ac108d4a7c0N.exe

Files

5868ffc6824fcd8c99349ac108d4a7c0N.exe
.dll windows:5 windows x86 arch:x86

a9df321bc7c1acab2ebcb81be452b6c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHRegDuplicateHKey
PathQuoteSpacesW
SHRegSetPathW
StrCmpIW
PathIsRootA
StrFormatKBSizeA
StrNCatW
StrStrW
ChrCmpIA

shell32

ExtractAssociatedIconW
SHGetUnreadMailCountW
FindExecutableA
DoEnvironmentSubstW

wininet

InternetSetOptionW
InternetOpenUrlW
SetUrlCacheEntryInfoW
InternetAutodialHangup

winspool.drv

AddPrinterConnectionW
EnumPrintersW
DeviceCapabilitiesA

kernel32

GetStringTypeW
BackupWrite
EnumResourceLanguagesA
GlobalCompact
FileTimeToSystemTime
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryA
DosDateTimeToFileTime
IsBadWritePtr
QueryInformationJobObject
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetCommandLineA
Process32Next
VerLanguageNameA
FillConsoleOutputCharacterA
ReadConsoleInputA
FreeEnvironmentStringsW
TlsGetValue
SetVolumeLabelW
VirtualFree
CopyFileExW
GetSystemDefaultUILanguage
GetModuleFileNameW
GetNumberFormatA
SetDllDirectoryW
GetDriveTypeA
GlobalGetAtomNameW
GlobalAddAtomA
FillConsoleOutputAttribute
UnlockFileEx
GetBinaryTypeA
GetVolumePathNamesForVolumeNameW
VirtualLock
GetConsoleScreenBufferInfo
SetFileTime
GetFileAttributesA
DeleteCriticalSection
GetCommModemStatus
BackupSeek
TlsSetValue
GetEnvironmentStrings
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
CloseHandle
HeapSize
GetTimeZoneInformation
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryA
InterlockedExchange
FreeLibrary
CompareStringA
CompareStringW
LoadLibraryW
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
WriteFile
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsAlloc
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
VirtualAlloc
HeapDestroy
HeapCreate
HeapReAlloc
HeapAlloc
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
RtlUnwind
FatalAppExitA
ExitProcess
GetCurrentThread
HeapFree
Sleep
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetEnvironmentVariableA

netapi32

NetGroupSetUsers
NetServerTransportDel

esent

JetInit

rpcrt4

RpcAsyncCompleteCall
RpcServerUseProtseqW
NdrOleAllocate
RpcEpRegisterA
NdrPointerFree
RpcStringBindingParseW
RpcServerInqBindings
NdrConformantStringBufferSize
RpcBindingInqAuthClientExW
I_RpcServerSetAddressChangeFn
RpcStringFreeW
UuidCreateNil
RpcMgmtEpEltInqDone

ws2_32

setsockopt

pdh

PdhParseCounterPathW

urlmon

CoInternetSetFeatureEnabled
RevokeBindStatusCallback

crypt32

CryptHashCertificate
CertFindCertificateInStore
CertAddCTLContextToStore
CertOIDToAlgId
CertFindSubjectInCTL
CertFindCRLInStore
CertDeleteCertificateFromStore
CertAddEncodedCRLToStore
CertAlgIdToOID

mprapi

MprConfigInterfaceEnum
MprInfoDuplicate
MprInfoBlockAdd
MprAdminMIBEntryCreate
MprAdminMIBEntryGet

gdi32

SwapBuffers
SetMapMode
RemoveFontResourceA
GetPixel
Rectangle
EnumFontsA
SetRectRgn
FlattenPath
GetDCOrgEx
TranslateCharsetInfo
GetWindowExtEx
FrameRgn
StrokePath
OffsetViewportOrgEx
FillPath
GetTextExtentExPointW
PlayEnhMetaFileRecord
GetCharWidth32W
PlayEnhMetaFile
CreatePolyPolygonRgn
GetTextCharset
CreateSolidBrush

imm32

ImmConfigureIMEW

setupapi

CM_Get_Device_ID_ListW
SetupFindNextLine
SetupGetStringFieldW
SetupOpenAppendInfFileW
SetupLogErrorA
SetupDiGetClassDescriptionExA
CM_Request_Device_Eject_ExW
SetupDiDrawMiniIcon
SetupQueryInfOriginalFileInformationW
CM_Get_Device_ID_List_SizeW
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Parent
CM_Get_Res_Des_Data_Ex
SetupFindFirstLineW
SetupTermDefaultQueueCallback

winmm

mixerGetLineControlsW
SendDriverMessage
midiOutCacheDrumPatches
waveOutGetDevCapsW
waveInGetNumDevs
midiInOpen
mciSendStringA
waveOutClose
mmioDescend

clusapi

GetClusterFromResource

msacm32

acmStreamSize
acmFormatTagDetailsW

version

GetFileVersionInfoSizeW

oleaut32

VARIANT_UserSize
SafeArrayCreateVectorEx
VarDateFromCy
VarCyFromStr
VarR8FromDec
VarBoolFromR4
VarBoolFromI4
LoadTypeLi
SafeArrayLock
VarBstrFromDate

ntdsapi

DsQuoteRdnValueW

user32

EnableScrollBar
RegisterClipboardFormatW
UnhookWindowsHook
GetWindowModuleFileNameW
LookupIconIdFromDirectory
ActivateKeyboardLayout
GetScrollInfo
SendMessageA
BeginDeferWindowPos
ImpersonateDdeClientWindow
GetDC
wvsprintfW
ValidateRect
GetWindow
SetWinEventHook
VkKeyScanExA
UnpackDDElParam
CharNextW
IsWindowUnicode
GetKeyboardLayoutList
InflateRect
WinHelpA
TranslateMDISysAccel
SetMenuItemBitmaps
MessageBeep
LoadAcceleratorsW
SetMenuItemInfoW
CheckMenuItem
UnregisterClassA
CharUpperA
GetCursorInfo
DestroyWindow
CreateDesktopA
SendMessageCallbackW
RegisterWindowMessageA
GetMenuItemInfoA
ChangeDisplaySettingsW
CharUpperBuffW
IsCharLowerA

winscard

SCardListReaderGroupsW
SCardTransmit

advapi32

LogonUserW
QueryServiceObjectSecurity
CryptEncrypt
ImpersonateAnonymousToken
ControlService
ReadEncryptedFileRaw
BuildTrusteeWithObjectsAndSidW
OpenSCManagerA
RegEnumKeyW
GetSidSubAuthorityCount
CreatePrivateObjectSecurityEx
OpenServiceA
GetNumberOfEventLogRecords
SaferGetLevelInformation
OpenEncryptedFileRawW
RegEnumValueW
GetKernelObjectSecurity
RegisterServiceCtrlHandlerExW
GetServiceDisplayNameA
RegisterServiceCtrlHandlerExA
RegDisablePredefinedCache

iphlpapi

CreateIpForwardEntry

wintrust

CryptCATAdminRemoveCatalog
OpenPersonalTrustDBDialog
CryptCATCDFEnumMembers
WinVerifyTrust

rasapi32

RasSetCredentialsW
RasGetAutodialAddressA
RasGetCustomAuthDataW
RasSetCustomAuthDataW

comctl32

CreatePropertySheetPageA
DestroyPropertySheetPage

secur32

QuerySecurityPackageInfoW
InitializeSecurityContextA

comdlg32

ChooseFontA

ole32

OleDuplicateData
HWND_UserFree
HGLOBAL_UserUnmarshal
CoIsOle1Class
OleRegEnumVerbs
STGMEDIUM_UserSize
OleCreateLinkFromData
StgOpenStorageOnILockBytes
StgSetTimes
OleGetClipboard
CLIPFORMAT_UserUnmarshal
PropVariantClear
RegisterDragDrop
OleCreateFromFile

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1020KB - Virtual size: 1018KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 504KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1Lyz2
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9df321bc7c1acab2ebcb81be452b6c6

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

shell32

wininet

winspool.drv

kernel32

netapi32

esent

rpcrt4

ws2_32

pdh

urlmon

crypt32

mprapi

gdi32

imm32

setupapi

winmm

clusapi

msacm32

version

oleaut32

ntdsapi

user32

winscard

advapi32

iphlpapi

wintrust

rasapi32

comctl32

secur32

comdlg32

ole32

Sections

.text Size: 120KB - Virtual size: 118KB

.qdata Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 1020KB - Virtual size: 1018KB

.data Size: 504KB - Virtual size: 511KB

.crt0 Size: 256KB - Virtual size: 253KB

1Lyz2 Size: 8KB - Virtual size: 4KB

2 Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 108KB - Virtual size: 104KB

.text
Size: 120KB - Virtual size: 118KB

.qdata
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 1020KB - Virtual size: 1018KB

.data
Size: 504KB - Virtual size: 511KB

.crt0
Size: 256KB - Virtual size: 253KB

1Lyz2
Size: 8KB - Virtual size: 4KB

2
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 108KB - Virtual size: 104KB