56ca4c6dfbb27ca25143c3382a871660N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

56ca4c6dfbb27ca25143c3382a871660N.exe
Size

2.8MB
MD5

56ca4c6dfbb27ca25143c3382a871660
SHA1

7f6b37a01ac7fe31fc2c38e40158b2d097dca6c8
SHA256

489b3c0d7eac6c93a4959c802fa0030dcd654a0111840992e66e64f56664ce16
SHA512

e2ce3eddc2feeb7c480dee5b54d7e02c8c283687b6aecaf717abc320f3f1e037af05d3e2765051dffd8485568568decffe2c4b6631b50e839a35811394788bd2
SSDEEP

49152:dlsrCzOjRwwKvuOtKGZdNu1/cpv3iuYWLDZi2BsCjSQWcU/QNYcuPx4XMvvK9t:YrCof9ODNGc9NYWPI2ZtGHJ4XM3K9t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56ca4c6dfbb27ca25143c3382a871660N.exe

Files

56ca4c6dfbb27ca25143c3382a871660N.exe
.dll windows:5 windows x86 arch:x86

1e7c7e777e4513423e5886134e9f2f9b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

clusapi

ClusterCloseEnum

mprapi

MprAdminTransportGetInfo
MprInfoBlockSet
MprAdminMIBEntryGet
MprAdminMIBEntryCreate
MprAdminInterfaceTransportAdd

comctl32

DestroyPropertySheetPage
CreateStatusWindowW

winspool.drv

EnumPrinterDriversW
ReadPrinter
SetFormW

rpcrt4

UuidFromStringA
RpcBindingToStringBindingW
RpcServerInqBindings
NdrPointerFree
RpcServerRegisterIf2
NdrAsyncClientCall
I_RpcNegotiateTransferSyntax
RpcStringFreeW
RpcStringBindingParseW
RpcEpRegisterA
RpcServerUseProtseqW
RpcBindingFree
NdrOleAllocate

wintrust

CryptCATEnumerateCatAttr
WintrustGetDefaultForUsage
CryptCATAdminReleaseCatalogContext
WTHelperCertIsSelfSigned

winscard

SCardTransmit

wininet

SetUrlCacheEntryInfoW
GetUrlCacheEntryInfoA
SetUrlCacheEntryInfoA
InternetAutodialHangup

secur32

QuerySecurityPackageInfoW
InitializeSecurityContextA

version

VerFindFileW
VerQueryValueA

netapi32

NetGroupSetUsers
NetServerTransportDel

iphlpapi

NhpAllocateAndGetInterfaceInfoFromStack

esent

JetInit

shlwapi

StrNCatW
StrDupW
PathFileExistsA
PathIsRootA
UrlCanonicalizeW
UrlCompareW
StrCmpW
PathCanonicalizeA

pdh

PdhGetFormattedCounterValue

ws2_32

WSAGetLastError

urlmon

RevokeBindStatusCallback
URLDownloadToCacheFileW

advapi32

ChangeServiceConfigA
CreateProcessWithLogonW
InitiateSystemShutdownA
GetServiceDisplayNameA
SaferGetPolicyInformation
EqualPrefixSid
LogonUserW
SetServiceObjectSecurity
OpenSCManagerA
CheckTokenMembership
GetAuditedPermissionsFromAclW
DuplicateTokenEx
OpenProcessToken
RegFlushKey
CreatePrivateObjectSecurityEx
RegEnumValueW
AddAuditAccessObjectAce
SetServiceBits
CryptGenKey
RegEnumKeyW

ntdsapi

DsListSitesW

user32

GetClassInfoW
MonitorFromPoint
CreateDialogIndirectParamA
GetComboBoxInfo
SetDoubleClickTime
SendMessageCallbackW
SetWinEventHook
LookupIconIdFromDirectoryEx
IsMenu
OemKeyScan
UnregisterClassA
ValidateRect
DlgDirListComboBoxA
DefWindowProcA
GetWindow
SendDlgItemMessageA
RegisterClipboardFormatW
LoadImageW
GetScrollPos
AllowSetForegroundWindow
InsertMenuItemA
CharUpperBuffW
CharToOemBuffA
SetThreadDesktop
GetWindowModuleFileNameW
LookupIconIdFromDirectory
SetKeyboardState
UnpackDDElParam
TranslateMDISysAccel
CheckMenuItem
GetWindowLongW
CreateDialogParamA
SetMenuItemBitmaps
MsgWaitForMultipleObjects
DispatchMessageA
MapVirtualKeyExW
VkKeyScanA
UnregisterHotKey
GetIconInfo

setupapi

SetupDiGetDriverInfoDetailW
SetupDiSetClassInstallParamsW
SetupGetSourceInfoA
SetupTermDefaultQueueCallback
CM_Get_Device_ID_List_SizeW
SetupLogErrorA
SetupFindFirstLineW
SetupDiGetClassDescriptionExA
CM_Get_Device_ID_ListW
SetupDiInstallClassW
CM_Connect_MachineW
SetupDiOpenDeviceInfoW
CM_Get_Res_Des_Data

crypt32

CertAlgIdToOID
CertAddEncodedCRLToStore
CertGetIssuerCertificateFromStore
CryptMemRealloc
CryptHashCertificate
CryptQueryObject
CertOIDToAlgId
CertFindCRLInStore

msacm32

acmFormatTagDetailsW
acmFormatEnumW

kernel32

LoadLibraryA
GetConsoleCP
GetConsoleMode
VirtualFree
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
HeapReAlloc
SetStdHandle
GetLocaleInfoA
GetStringTypeA
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
RtlUnwind
ExitProcess
HeapFree
InitializeCriticalSectionAndSpinCount
Sleep
HeapAlloc
WriteFile
GetLastError
GetCurrentThreadId
SetLastError
TlsSetValue
GetProcAddress
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetNumberOfConsoleInputEvents
LoadLibraryW
GetBinaryTypeA
GetModuleFileNameA
GetStringTypeW
GetDiskFreeSpaceExA
InitAtomTable
GetNumberFormatA
WritePrivateProfileStringA
GetCompressedFileSizeA
QueryPerformanceFrequency
SetLocaleInfoW
EnumTimeFormatsA
GetShortPathNameW
CreateFileA
FindNextVolumeMountPointW
GetCPInfo
VirtualAlloc
GetDiskFreeSpaceA
GetWindowsDirectoryW
TlsGetValue
GlobalAddAtomA
lstrcpynA
SetVolumeLabelW
SetDllDirectoryW
GlobalCompact
VirtualLock
BuildCommDCBA
TerminateProcess
BackupWrite
SetComputerNameExW
GetConsoleWindow
FreeEnvironmentStringsW
GetSystemWindowsDirectoryA
CloseHandle
GetExitCodeProcess
GetTimeZoneInformation
IsBadWritePtr
DeleteCriticalSection

shell32

SHGetFileInfoW
SHGetUnreadMailCountW
SHGetFolderPathA
DoEnvironmentSubstW
ExtractIconA

imm32

ImmRegisterWordW

ole32

OleGetClipboard
StgOpenStorageOnILockBytes
HMENU_UserUnmarshal
OleCreateFromFile
StringFromCLSID
HBITMAP_UserSize
StringFromGUID2
CreateAntiMoniker
CoQueryClientBlanket
GetHGlobalFromILockBytes
HDC_UserUnmarshal
StgSetTimes
HBITMAP_UserMarshal

comdlg32

ChooseColorW

winmm

mixerGetLineControlsW
midiOutCacheDrumPatches
midiOutGetDevCapsW
waveOutClose
mciSendStringA
mmioDescend
midiStreamProperty
mixerOpen
waveInGetNumDevs

oleaut32

LoadTypeLi
VarR8FromI4
VariantInit
BstrFromVector
QueryPathOfRegTypeLi
SysStringLen
SafeArrayRedim
SysAllocStringByteLen
SafeArrayAllocDescriptorEx
VarR4FromStr

gdi32

GetSystemPaletteUse
ExtEscape
AbortPath
PlgBlt
DeleteObject
CreateBrushIndirect
LPtoDP
GetMetaFileBitsEx
GetBitmapDimensionEx
GetViewportExtEx
SetBrushOrgEx
TranslateCharsetInfo
GetEnhMetaFilePaletteEntries
GetTextAlign
GetTextCharset
ResetDCW
GdiComment
GetNearestPaletteIndex
EnumFontsA
GetWindowExtEx
CombineRgn
GetPixel
FillPath
CreatePolyPolygonRgn

rasapi32

RasGetEntryPropertiesW
RasGetConnectStatusA
RasGetAutodialAddressA
RasSetCustomAuthDataW

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e7c7e777e4513423e5886134e9f2f9b

Headers

File Characteristics

Imports

clusapi

mprapi

comctl32

winspool.drv

rpcrt4

wintrust

winscard

wininet

secur32

version

netapi32

iphlpapi

esent

shlwapi

pdh

ws2_32

urlmon

advapi32

ntdsapi

user32

setupapi

crypt32

msacm32

kernel32

shell32

imm32

ole32

comdlg32

winmm

oleaut32

gdi32

rasapi32

Sections

.text Size: 68KB - Virtual size: 64KB

.qdata Size: 44KB - Virtual size: 42KB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 188KB - Virtual size: 193KB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 48KB - Virtual size: 45KB

.text
Size: 68KB - Virtual size: 64KB

.qdata
Size: 44KB - Virtual size: 42KB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 188KB - Virtual size: 193KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 48KB - Virtual size: 45KB