44c649b4bc27155845f3c4fc7009e9d0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

44c649b4bc27155845f3c4fc7009e9d0N.exe
Size

261KB
MD5

44c649b4bc27155845f3c4fc7009e9d0
SHA1

4bb86b1ea7541b7f5cf3fb195a29be1dc46186a1
SHA256

685f949e464bbb870ee4ba02d1229035f6e3f191c660c45f71ca1e9abd83d828
SHA512

1fd79ecc85038dfbac187f5d229489d6eb1ce032a886fb08573d0b1a01b31fb23fd65e521dbae3d5d2ca9ac25908eced5f694bb775d18d53b82a42c1a98864df
SSDEEP

6144:ntAqAz6Hgq5EzPB4uyCECQnwjt7GUvd76Q3/NpnTt6WQtzLSM4APCzMQ:nrAeHgqWB49CYkGxQ3/NtBLozuM4APC7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44c649b4bc27155845f3c4fc7009e9d0N.exe

Files

44c649b4bc27155845f3c4fc7009e9d0N.exe
.exe windows:6 windows x64 arch:x64

d38722a7832d0dc464dbb221ca7d7265

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\notepad2\notepad2\build\bin\Release\x64\metapath.pdb

Imports

comctl32

InitCommonControlsEx
ord412
ImageList_Destroy
ImageList_Create
ImageList_AddMasked
PropertySheetW
ord410
ord413
CreateStatusWindowW

shlwapi

PathUnquoteSpacesW
PathIsDirectoryW
PathMatchSpecW
PathIsRelativeW
StrTrimW
PathAddBackslashW
SHAutoComplete
StrStrIW
PathFindFileNameW
StrCatBuffW
StrChrW
StrRetToBufW
PathRenameExtensionW
StrRChrW
StrFormatByteSizeW
PathCompactPathExW
StrStrW
PathCommonPrefixW
PathFindExtensionW
PathCanonicalizeW
PathIsRootW
PathUnExpandEnvStringsW
PathIsPrefixW
PathRelativePathToW
StrDupW
PathRemoveFileSpecW
PathCombineW
PathAppendW
PathIsSameRootW
PathRemoveBackslashW
PathQuoteSpacesW

psapi

EnumProcessModules
GetModuleFileNameExW

uxtheme

GetThemeSysFont
IsAppThemed
CloseThemeData
OpenThemeData
SetWindowTheme

kernel32

GetFileType
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetModuleHandleExW
TerminateProcess
ExitProcess
GetStdHandle
WritePrivateProfileStringW
HeapFree
lstrcpynW
GetShortPathNameW
GetModuleFileNameW
GetPrivateProfileSectionW
GetFileAttributesW
GetVersionExW
GetSystemDirectoryW
HeapSize
SetFileAttributesW
GetPrivateProfileStringW
lstrcatW
GetNativeSystemInfo
HeapAlloc
GetCurrentDirectoryW
lstrcpyW
WritePrivateProfileSectionW
CompareStringOrdinal
WaitForSingleObject
GlobalAlloc
GlobalFree
CreateThread
SizeofResource
SearchPathW
GetFullPathNameW
GetCurrentProcess
lstrlenW
ExpandEnvironmentStringsW
GetFinalPathNameByHandleW
GetLocaleInfoEx
CreateFileW
GetPrivateProfileSectionNamesW
OpenProcess
CreateEventW
GlobalSize
SetEvent
LockResource
CloseHandle
ResetEvent
LoadResource
FindResourceW
GetWindowsDirectoryW
GetProcAddress
GlobalLock
LocalFree
GetModuleHandleW
GlobalUnlock
MulDiv
CreateDirectoryW
GetFileSizeEx
GetCommandLineW
WriteFile
SetErrorMode
FindFirstChangeNotificationW
GetFileAttributesExW
FileTimeToSystemTime
FindCloseChangeNotification
FileTimeToLocalFileTime
FindNextChangeNotification
SetCurrentDirectoryW
GetTimeFormatW
GetProcessHeap
CopyFileW
GetDateFormatW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
GetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetStringTypeW
GetConsoleMode
SetFilePointerEx
WriteConsoleW
FreeResource

user32

GetMessageTime
EnumWindows
SetMenuDefaultItem
SetWindowPlacement
SetMenuItemInfoW
SetTimer
OffsetRect
GetSubMenu
TrackPopupMenu
LoadAcceleratorsW
GetWindowPlacement
RegisterClassExW
UnregisterClassW
DeleteMenu
ShowOwnedPopups
MonitorFromWindow
CopyImage
EqualRect
IsWindowVisible
GetDC
GetFocus
ShowWindowAsync
LoadMenuW
GetKeyState
DefWindowProcW
GetMenuItemInfoW
GetMessageW
SetFocus
CheckMenuRadioItem
GetWindowRect
DestroyWindow
SetWindowPos
CheckRadioButton
MessageBoxExW
SetWindowLongPtrW
CreateWindowExW
SendMessageW
EndDialog
BringWindowToTop
MessageBeep
CreatePopupMenu
GetWindowLongPtrW
WindowFromPoint
DestroyCursor
LoadStringW
GetActiveWindow
ShowWindow
BeginDeferWindowPos
TranslateAcceleratorW
FindWindowW
CheckMenuItem
IsZoomed
KillTimer
PostQuitMessage
EnableMenuItem
RegisterWindowMessageW
UpdateWindow
IsIconic
ReleaseDC
GetWindowThreadProcessId
DrawAnimatedRects
DeferWindowPos
GetSystemMenu
AdjustWindowRectEx
GetWindow
FindWindowExW
MonitorFromRect
SetActiveWindow
GetSystemMetrics
OpenClipboard
DispatchMessageW
RedrawWindow
DdeCreateStringHandleW
DdeConnect
GetMonitorInfoW
wvsprintfW
DestroyIcon
GetDlgCtrlID
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
GetSysColor
IsWindowEnabled
IsDlgButtonChecked
DestroyMenu
GetMenuStringW
LoadIconW
LoadCursorW
GetClassNameW
SetCapture
EndDeferWindowPos
SetCursor
wsprintfW
TrackPopupMenuEx
GetComboBoxInfo
GetDlgItem
AppendMenuW
CheckDlgButton
GetParent
ReleaseCapture
InvalidateRect
ChildWindowFromPoint
GetCursorPos
EnableWindow
GetWindowTextW
CloseClipboard
EmptyClipboard
PeekMessageW
MapWindowPoints
DdeInitializeW
DdeUninitialize
DialogBoxIndirectParamW
DdeClientTransaction
PostMessageW
TranslateMessage
IntersectRect
InsertMenuW
SetClipboardData
SetWindowLongW
GetClientRect
SetRect
DdeDisconnect
SystemParametersInfoW
DdeFreeStringHandle
SetForegroundWindow
LoadImageW
SetCursorPos
GetPropW
RemovePropW
SetPropW
GetWindowLongW
SetWindowTextW
GetWindowTextLengthW
SetLayeredWindowAttributes

gdi32

DeleteObject
CreateSolidBrush
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW

comdlg32

GetOpenFileNameW
ChooseColorW
GetSaveFileNameW

advapi32

RegSetValueExW
RegDeleteTreeW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
RegQueryValueExW
OpenProcessToken
RegOpenKeyExW

shell32

ShellExecuteExW
SHGetPathFromIDListW
SHGetDataFromIDListW
SHGetDesktopFolder
ord180
SHGetKnownFolderIDList
SHOpenFolderAndSelectItems
SHGetKnownFolderPath
ord190
DragQueryFileW
Shell_NotifyIconW
SHCreateDirectoryExW
SHBrowseForFolderW
SHFileOperationW
SHAppBarMessage
DragAcceptFiles
DragFinish
SHGetFileInfoW
ShellExecuteW

ole32

CoCreateInstance
DoDragDrop
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
OleInitialize

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d38722a7832d0dc464dbb221ca7d7265

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

psapi

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 149KB - Virtual size: 148KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 3KB - Virtual size: 17KB

.pdata Size: 6KB - Virtual size: 6KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 149KB - Virtual size: 148KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 3KB - Virtual size: 17KB

.pdata
Size: 6KB - Virtual size: 6KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 2KB - Virtual size: 1KB