a317295af2a628028a7581fc03e7dc10N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a317295af2a628028a7581fc03e7dc10N.exe
Size

1.3MB
MD5

a317295af2a628028a7581fc03e7dc10
SHA1

b537e0afa2841ee4c9fe4b148a53bfc3a0dc6f04
SHA256

75e08665bb475c516ec5110b80f8afaeb02c7d6604c949ba9ebf9f29b8d59e57
SHA512

8c299491b51145222ee03ed86b43fa9bff51d0a8b61505c3162539fdfb2e56a53460db979c612b41e0c5ace031f91ec63700e864ec8403f0f02d6cb0e135f9eb
SSDEEP

12288:OWQAfQ+fi2CrN0uHI3AqTevDN0FImbwQ2J3a3nWiOV7gD:O5AfYLH8AcevDN0FImbwQuq3Wia7gD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a317295af2a628028a7581fc03e7dc10N.exe

Files

a317295af2a628028a7581fc03e7dc10N.exe
.exe windows:6 windows x64 arch:x64

ef2a6b24aaedbaa7af3ee919fcdc75bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z:\projects\libusb-win32-stage\ddk_make\output\amd64\install-filter.pdb

Imports

advapi32

AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey

kernel32

Sleep
SizeofResource
CreateSemaphoreA
GetStdHandle
GetLastError
GetProcAddress
LoadLibraryA
LockResource
WriteFile
GetVersionExA
CloseHandle
LocalFree
GetVersion
FormatMessageA
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
WaitForSingleObject
GetCurrentProcess
LoadResource
FreeLibrary
FindResourceA
GetFullPathNameA
GetCommandLineW
GetModuleHandleA
UnhandledExceptionFilter

msvcrt

wcstombs
?terminate@@YAXXZ
memset
memcpy
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_iob
_vsnprintf
fprintf
strncpy
memmove
_stricmp
_getch
_strdup
printf
_snprintf
strstr
malloc
_wcsnicmp
free
_strlwr
strncmp
sscanf
sprintf
_wcsicmp

setupapi

SetupDiGetClassDevsA
SetupFindFirstLineA
SetupDiSetDeviceRegistryPropertyA
CM_Get_DevNode_Status
SetupCloseInfFile
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiRemoveDevice
SetupOpenInfFileA
SetupDiGetDeviceRegistryPropertyA
SetupFindNextLine
CM_Get_Device_IDA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiOpenDevRegKey
SetupGetStringFieldA

user32

GetDlgItem
GetSysColor
SendMessageA
GetWindowTextLengthA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ef2a6b24aaedbaa7af3ee919fcdc75bf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

setupapi

user32

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 876B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 876B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB