23db2d385ed7ebd1936c80a0b2221a10N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

23db2d385ed7ebd1936c80a0b2221a10N.exe
Size

3.5MB
MD5

23db2d385ed7ebd1936c80a0b2221a10
SHA1

4f5b0cfd5136cd6289b75dc19d967b0de9406638
SHA256

73eee914f555325afbba33a898a06dd869c4887b36b68730c4aa0d67f3464028
SHA512

c7038f15dd1f1a0934fc620214f553ce84d7f638907666e820cd56cbc0aabe231cf5fe4770332b3f966a7932e63bcbd94e18243a176ab704c6bcdaf8a55248fd
SSDEEP

49152:KiKzu65i7G8q7/RQaQfhW5au4dSuBqwCWEdwn6dH5zMIxwg16MXLZC1f815:K7IapiMTWBnazrxH16QLn15

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23db2d385ed7ebd1936c80a0b2221a10N.exe

Files

23db2d385ed7ebd1936c80a0b2221a10N.exe
.exe windows:4 windows x86 arch:x86

05273cf6db84bff1a23a8b0138091cc3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcsncmp
wcscmp
memmove
wcslen
wcscpy
wcscat
strlen
sprintf
malloc
free
_wstat
_wcsdup
strcmp
memcpy
_CIcos
_CIpow
_wfopen
_setjmp3
fclose
longjmp
strncpy
strcpy
_wcsicmp
tolower
floor
toupper
strstr
wcsncpy
_snwprintf
localtime
mktime
_wcsnicmp
_itow
gmtime
fseek
ftell
fread
pow
??3@YAXPAX@Z
wcsstr
_isnan
_close
calloc
_lseeki64
_errno
realloc
_snprintf
abort
_wopen
_setmode
exit
wcschr
_open_osfhandle
_strdup
setlocale
strrchr
strncmp
wctomb
_get_osfhandle
_open
mbstowcs
strchr
__p__iob
fprintf
fwrite
fflush
ferror
getenv
sscanf
strtol
strtoul
strerror
qsort
fopen
fputs
strpbrk
_access
_read
_write
atoi
memchr
fputc
fgets
strspn
strcspn
isupper
_msize
_beginthreadex
_endthreadex
_stati64
time
_ftime
_vsnwprintf
cos
fmod
sin
abs
ceil

kernel32

GetModuleHandleW
HeapCreate
CreateMutexW
GetLastError
HeapDestroy
ExitProcess
SetErrorMode
GetFileAttributesW
SetLastError
GetBinaryTypeW
GetTickCount
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
Process32NextW
GetLogicalDrives
GetDriveTypeW
OpenProcess
TerminateProcess
HeapAlloc
HeapFree
LoadLibraryW
GetProcAddress
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateThread
GetCurrentThreadId
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessW
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
PeekNamedPipe
ReadFile
HeapReAlloc
WriteFile
CreateFileW
GetFileSize
DeleteFileW
TlsAlloc
TlsSetValue
TlsGetValue
FreeLibrary
MultiByteToWideChar
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemInfo
GlobalMemoryStatusEx
GetVersionExW
SetFilePointer
WideCharToMultiByte
MulDiv
FindFirstFileW
FindClose
SetCurrentDirectoryW
GetTempPathW
SetFileAttributesW
FindNextFileW
RemoveDirectoryW
CreateDirectoryW
CopyFileW
GetLocalTime
HeapSize
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetExitCodeProcess
GetFullPathNameW
GetModuleHandleA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
ExpandEnvironmentStringsA
FormatMessageA
GetFileSizeEx
AreFileApisANSI
CreateFileMappingA
CreateFileMappingW
DeleteFileA
FlushFileBuffers
FormatMessageW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesExW
GetFullPathNameA
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetVersionExA
HeapValidate
HeapCompact
LocalFree
LockFile
LockFileEx
MapViewOfFile
SetEndOfFile
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
FlushViewOfFile
TryEnterCriticalSection
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

user32

SetWindowsHookExW
GetDesktopWindow
GetDC
ReleaseDC
GetForegroundWindow
GetWindowTextW
GetLastInputInfo
SendMessageW
FindWindowW
GetWindowTextLengthW
GetAsyncKeyState
GetKeyState
CallNextHookEx
GetWindow
SetActiveWindow
DestroyWindow
DestroyIcon
LoadIconW
LoadCursorW
GetPropW
RegisterClassW
AdjustWindowRectEx
CreateWindowExW
SetPropW
ShowWindow
UnregisterClassW
CreateAcceleratorTableW
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DefFrameProcW
DefWindowProcW
GetParent
SetFocus
GetFocus
RemovePropW
DestroyAcceleratorTable
SetRect
GetWindowLongW
EnumChildWindows
PostMessageW
GetWindowRect
GetSystemMetrics
SetWindowPos
IsWindowEnabled
IsWindowVisible
GetWindowThreadProcessId
GetClassNameW
IsChild
SystemParametersInfoW
CallWindowProcW
SetWindowLongW
MessageBoxW
EnableWindow
EnumWindows
RegisterWindowMessageW
EnumDisplaySettingsW
FillRect
CharLowerW
GetIconInfo
DrawIconEx

gdi32

BitBlt
DeleteObject
GetDeviceCaps
GetStockObject
CreateFontIndirectW
CreateDCW
DeleteDC
GetObjectType
GetObjectW
CreateCompatibleDC
SelectObject
CreateSolidBrush
GdiGetBatchLimit
GdiSetBatchLimit
CreateDIBSection
CreateBitmap
SetPixel
GetDIBits
GetTextExtentPoint32W
SetBkMode
SetTextAlign
SetBkColor
SetTextColor
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
GetTextMetricsW
CreateCompatibleBitmap
GetPixel

advapi32

RegCreateKeyW
RegSetValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

ole32

RevokeDragDrop
CoInitialize
CoTaskMemFree

shell32

ShellExecuteW
ord680
ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

ws2_32

closesocket
WSACleanup
WSAStartup
gethostname
send
sendto
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
connect
select
__WSAFDIsSet
recvfrom
recv
WSAGetLastError
ntohs
WSASetLastError
getsockopt
setsockopt
getpeername
getsockname
WSAIoctl
getaddrinfo
freeaddrinfo
htonl
listen
accept
ntohl

crypt32

CertFreeCertificateContext
CertOpenStore
CryptStringToBinaryA
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptQueryObject
CertAddCertificateContextToStore
CertGetNameStringA

winmm

timeBeginPeriod

psapi

GetProcessMemoryInfo

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

comctl32

InitCommonControlsEx

Sections

.code
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 1.4MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

05273cf6db84bff1a23a8b0138091cc3

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

ole32

shell32

ws2_32

crypt32

winmm

psapi

gdiplus

comctl32

Sections

.code Size: 67KB - Virtual size: 67KB

.text Size: 1.4MB - Virtual size: 1.3MB

.rdata Size: 154KB - Virtual size: 154KB

.data Size: 1.9MB - Virtual size: 1.9MB

.code
Size: 67KB - Virtual size: 67KB

.text
Size: 1.4MB - Virtual size: 1.3MB

.rdata
Size: 154KB - Virtual size: 154KB

.data
Size: 1.9MB - Virtual size: 1.9MB