cca934606910377ac4630816d11e6d70N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

cca934606910377ac4630816d11e6d70N.exe
Size

3.9MB
MD5

cca934606910377ac4630816d11e6d70
SHA1

880b07876aca8a362003280a2c82c9d8431d5c3f
SHA256

6b71558c1996dd7cc921dedf7b74084179dec49ad2aca881f74041496cc67ad5
SHA512

361f8bce23a9ae57e42627bd7cd776b99c40a0774fa70a2c340a1d12c6c2d869b04d9438a8f20d57eb542617d9e0ee000253ef6c590c33ec058e9100ce8ff2f9
SSDEEP

49152:wNlIBciRNuXuERr0xdRIAOChDJNaSks97KROdp2FUNe/RmP4OOZ5B0s8XgkmWuT2:wNlIB3RNIYGABDJNWOOd0TPmeRIL+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cca934606910377ac4630816d11e6d70N.exe

Files

cca934606910377ac4630816d11e6d70N.exe
.exe windows:5 windows x86 arch:x86

045a65f1f51e960bb83add92db4198fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Prog\CrashRptRail\bin\rail_crash_sender.pdb

Imports

kernel32

GetProcAddress
FreeLibrary
GetProcessTimes
FileTimeToSystemTime
GetSystemTime
GetFileAttributesW
GetCurrentThreadId
GetCommandLineW
CreateThread
GetCurrentProcess
ReadFile
WriteFile
CreateProcessW
GetFileInformationByHandle
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
TerminateProcess
DeleteFileW
RemoveDirectoryW
TerminateThread
Sleep
GetTickCount
RaiseException
DecodePointer
OutputDebugStringA
CreateDirectoryW
WritePrivateProfileStringW
GetModuleHandleExW
GetModuleFileNameW
GetTempPathW
GetPrivateProfileStringW
FormatMessageW
GetFileAttributesExW
GlobalAlloc
GlobalFree
SystemTimeToFileTime
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
TryEnterCriticalSection
CreateMutexA
ReleaseMutex
OpenFileMappingW
UnmapViewOfFile
GetSystemInfo
CreateFileMappingW
MapViewOfFile
SetConsoleCtrlHandler
WriteConsoleW
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
CreateProcessA
GetDriveTypeW
RtlUnwind
WaitForMultipleObjectsEx
TzSpecificLocalTimeToSystemTime
SetFileTime
CopyFileA
UnlockFileEx
LoadLibraryW
ReadProcessMemory
OpenProcess
FindClose
FindNextFileW
GetFileTime
FindFirstFileW
GetFileSizeEx
CreateFileW
MultiByteToWideChar
UnlockFile
LockFileEx
LockFile
GetFileSize
GetFileAttributesA
DeleteFileA
CreateFileA
CreateDirectoryA
CreateTimerQueue
UnregisterWaitEx
WaitForSingleObject
QueryDepthSList
InterlockedFlushSList
SetEvent
InterlockedPushEntrySList
LeaveCriticalSection
Module32First
Process32Next
Process32First
GetVersionExA
GetLocalTime
SetFilePointer
GenerateConsoleCtrlEvent
RtlCaptureStackBackTrace
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetProcessHeap
HeapSize
CreatePipe
GetExitCodeProcess
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetACP
HeapReAlloc
MoveFileExW
GetCurrentDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
SetEnvironmentVariableW
SetEnvironmentVariableA
GetFullPathNameA
GetFullPathNameW
HeapFree
HeapAlloc
SetConsoleMode
InterlockedPopEntrySList
ReleaseSemaphore
ReadConsoleInputA
PeekConsoleInputA
DuplicateHandle
GetNumberOfConsoleInputEvents
ResumeThread
ExitThread
SetProcessAffinityMask
ResetEvent
EnterCriticalSection
CloseHandle
CreateEventW
VirtualProtect
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
VirtualFree
VirtualAlloc
GetLastError
WideCharToMultiByte
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
InitializeCriticalSection
GetTempPathA
GetWindowsDirectoryA
GetComputerNameA
GetSystemTimeAsFileTime
GetModuleHandleA
GetFileType
SetLastError
FormatMessageA
SleepEx
VerifyVersionInfoA
GetSystemDirectoryA
LoadLibraryA
VerSetConditionMask
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
FindFirstFileA
FindNextFileA
GlobalMemoryStatus
QueryPerformanceCounter
FlushConsoleInputBuffer
IsDebuggerPresent
OutputDebugStringW
QueryPerformanceFrequency
FindFirstFileExW
GetDiskFreeSpaceExW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
CopyFileW
CreateHardLinkW
AreFileApisANSI
GetStringTypeW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
ExitProcess

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
UnregisterClassW
GetGuiResources
ReleaseDC
GetDC

shell32

SHGetFileInfoW
ExtractIconW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

CoCreateGuid
CoInitialize
CoCreateInstance
CoUninitialize

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegCloseKey
RegQueryValueExW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
OpenProcessToken

ws2_32

freeaddrinfo
sendto
__WSAFDIsSet
bind
WSAIoctl
closesocket
WSASetLastError
getpeername
getsockname
socket
ntohs
connect
inet_addr
listen
accept
getaddrinfo
recvfrom
gethostname
getsockopt
htons
setsockopt
send
recv
WSAGetLastError
WSACleanup
WSAStartup
shutdown
getservbyname
ioctlsocket
gethostbyname
select
htonl
ntohl
inet_ntoa

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetProcessMemoryInfo

wldap32

ord143
ord60
ord41
ord33
ord79
ord200
ord27
ord26
ord46
ord22
ord301
ord211
ord35
ord30
ord50
ord32

normaliz

IdnToAscii
IdnToUnicode

gdi32

DeleteObject
GetDeviceCaps
GetDIBits
CreateCompatibleBitmap
GetObjectA

shlwapi

PathFileExistsW

iphlpapi

GetAdaptersInfo

winmm

timeGetDevCaps
timeKillEvent
timeSetEvent
timeBeginPeriod

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 654KB - Virtual size: 653KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 293KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 203KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

045a65f1f51e960bb83add92db4198fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

advapi32

ws2_32

version

psapi

wldap32

normaliz

gdi32

shlwapi

iphlpapi

winmm

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 654KB - Virtual size: 653KB

.data Size: 293KB - Virtual size: 382KB

.gfids Size: 6KB - Virtual size: 5KB

.rsrc Size: 147KB - Virtual size: 146KB

.reloc Size: 203KB - Virtual size: 204KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 654KB - Virtual size: 653KB

.data
Size: 293KB - Virtual size: 382KB

.gfids
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 147KB - Virtual size: 146KB

.reloc
Size: 203KB - Virtual size: 204KB