398cc1a7aaec5d0bf09041e156d29940N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

398cc1a7aaec5d0bf09041e156d29940N.exe
Size

5.2MB
MD5

398cc1a7aaec5d0bf09041e156d29940
SHA1

b526ac658f2c99e154e076209a40739a8ec276bc
SHA256

f5dab7c7b5e1382866bb8d70bb4cd05cd02b53f0957b67283aa8daebefc43d4c
SHA512

d7d0b8a10abe049944a1bb889c80718905ddce607246222a458cfda3ca6a3fd0427a5fdfeb243f15645800acb014f95a8840f8de38443f411331b310dbb04673
SSDEEP

49152:cOaxovnvtnapZYl4gd6iWSk1SsOp82LYDI+REph/JGyJtKQyt+HvlgHUbUXYSAlj:cugZOZ4nREVtlEXYv4I0tXlGxOHc9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
398cc1a7aaec5d0bf09041e156d29940N.exe

Files

398cc1a7aaec5d0bf09041e156d29940N.exe
.exe windows:6 windows x64 arch:x64

d08b912074c586c699e97218a409db6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

affrayercalorizingDQ.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress
WakeByAddressAll

bcryptprimitives

ProcessPrng

ntdll

RtlPcToFileHeader
RtlNtStatusToDosError
NtCreateFile
RtlUnwindEx
NtCancelIoFileEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtReadFile
NtWriteFile
NtDeviceIoControlFile

kernel32

GetConsoleMode
MultiByteToWideChar
WriteConsoleW
GetModuleHandleA
GetProcAddress
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
lstrlenW
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
FlushFileBuffers
GetStdHandle
FindNextFileW
CreateDirectoryW
FindFirstFileW
SetLastError
GetCommandLineW
GetSystemInfo
GetCurrentThread
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
GetCurrentProcess
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
WaitForSingleObjectEx
GetFinalPathNameByHandleW
CreateMutexA
SwitchToThread
WideCharToMultiByte
DeleteFileW
CopyFileExW
PostQueuedCompletionStatus
SetThreadStackGuarantee
AddVectoredExceptionHandler
Sleep
SetWaitableTimer
CreateWaitableTimerExW
GetExitCodeProcess
WaitForSingleObject
FindClose
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetLastError
GetSystemTimePreciseAsFileTime
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetQueuedCompletionStatusEx
CloseHandle
GetFileInformationByHandle
HeapFree
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
HeapReAlloc
ReleaseMutex
CreateIoCompletionPort
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetFileCompletionNotificationModes
LoadLibraryA
SetFilePointerEx
LoadLibraryExW

oleaut32

SafeArrayGetLBound
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayAccessData
SysFreeString
VariantClear
SysAllocStringLen

crypt32

CertDuplicateStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptUnprotectData
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateChain

advapi32

RegOpenKeyExW
AllocateAndInitializeSid
SystemFunction036
CheckTokenMembership
RegQueryValueExW
RegCloseKey
FreeSid

ws2_32

select
getsockopt
connect
WSAGetLastError
accept
getpeername
getsockname
listen
bind
ioctlsocket
WSAIoctl
WSASocketW
setsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
send
WSASend
shutdown
closesocket
socket

rstrtmgr

RmRegisterResources
RmStartSession
RmGetList

ole32

CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

user32

EnumDisplayMonitors
GetMonitorInfoW
EnumDisplaySettingsExW

gdi32

DeleteDC
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
DeleteObject
CreateDCW

bcrypt

BCryptGenRandom

secur32

DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
InitializeSecurityContextW
FreeContextBuffer
AcquireCredentialsHandleA
AcceptSecurityContext
DecryptMessage
ApplyControlToken
QueryContextAttributesW

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr
roundf
log
exp2f
ceil
_dclass
truncf

api-ms-win-crt-string-l1-1-0

strncmp
strcpy_s
wcsncmp
strlen
strcspn
strcmp

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
calloc
malloc
_msize
free

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_register_onexit_function
_initialize_onexit_table
_set_app_type
_beginthreadex
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_crt_atexit
exit
_exit
_register_thread_local_exe_atexit_callback
_c_exit
terminate
__p___argc
__p___argv
_endthreadex
_initterm_e
abort
_cexit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d08b912074c586c699e97218a409db6f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

ntdll

kernel32

oleaut32

crypt32

advapi32

ws2_32

rstrtmgr

ole32

user32

gdi32

bcrypt

secur32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 24KB - Virtual size: 28KB

.pdata Size: 82KB - Virtual size: 82KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 24KB - Virtual size: 28KB

.pdata
Size: 82KB - Virtual size: 82KB

.reloc
Size: 32KB - Virtual size: 32KB