50026f1ea23e9210b5409b83ad2a8990N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

50026f1ea23e9210b5409b83ad2a8990N.exe
Size

76KB
MD5

50026f1ea23e9210b5409b83ad2a8990
SHA1

7498d7165d6057e7c4fdd6d3185b93f57c54dbb4
SHA256

7e0e6a76c858f87e6ed1d7df4ce5a4b9d2ff0d51f26fa3e17895e57228263589
SHA512

10d492a7b769f9016d2964888487443653b5ad1721f757484f4015c5a4c2b9674fd5838c129cc96ad0da793385cac5504b89fcdcf66141768b1978004ce306f8
SSDEEP

1536:/i9JEN6eR0Bd96Bvw4TwfxJr2bN+G4rqspywTpj6Ryge8e8VMtWEQ:uJEwi0Bd96BI4TDKTpnTpj6Rux8VM0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50026f1ea23e9210b5409b83ad2a8990N.exe

Files

50026f1ea23e9210b5409b83ad2a8990N.exe
.exe windows:6 windows x86 arch:x86

b92284996b58e51158ace38adf33ea37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

taskkill.pdb

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegConnectRegistryW
LookupAccountSidW
CloseServiceHandle
EnumServicesStatusExW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

InterlockedDecrement
CloseHandle
OpenProcess
TerminateProcess
GetExitCodeProcess
InterlockedIncrement
LocalAlloc
lstrlenW
FormatMessageW
WriteConsoleW
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetCurrentProcessId
GetCurrentProcess
GetComputerNameExW
GetCurrentThreadId
ReadFile
ReadConsoleW
ExitProcess
GetConsoleOutputCP
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
GetThreadLocale
CompareStringW
lstrlenA
GetFileType
GetConsoleMode
VerSetConditionMask
VerifyVersionInfoW
SetThreadUILanguage
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalFree
GetLastError
SetLastError
SetConsoleMode
GetModuleFileNameW

msvcrt

_get_osfhandle
wcsstr
_fileno
_vsnwprintf
fflush
wcstod
wcstol
wcstok
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_CxxThrowException
wcstoul
_errno
wcschr
_wtoi64
memcpy
_wcsicmp
wcsrchr
??2@YAPAXI@Z
free
_wcsdup
__iob_func
??3@YAXPAX@Z
memset
__CxxFrameHandler3
fprintf
_memicmp

ntdll

RtlLargeIntegerToChar
RtlTimeToElapsedTimeFields

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

user32

IsHungAppWindow
GetWindow
FindWindowExW
GetWindowThreadProcessId
GetWindowLongW
CharUpperW
LoadStringW
wsprintfW
PostMessageW
EnumWindowStationsW
GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
EnumDesktopsW
GetThreadDesktop
OpenDesktopW
SetThreadDesktop
CloseDesktop
EnumWindows
GetWindowTextW

mpr

WNetGetLastErrorW
WNetCancelConnection2W
WNetAddConnection2W

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantChangeType
SysAllocStringByteLen
SysAllocString
VariantCopy
SysStringLen
VariantClear
VariantInit
SysFreeString

secur32

GetUserNameExW

ws2_32

WSAGetLastError
WSAStartup
GetNameInfoW
WSACleanup
FreeAddrInfoW
GetAddrInfoW

framedynos

??4CHString@@QAEABV0@ABV0@@Z
??4CHString@@QAEABV0@PBG@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
?GetBuffer@CHString@@QAEPAGH@Z
??4CHString@@QAEABV0@PBD@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
?Left@CHString@@QBE?AV1@H@Z
?Find@CHString@@QBEHG@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Compare@CHString@@QBEHPBG@Z
?Empty@CHString@@QAEXXZ
?Mid@CHString@@QBE?AV1@HH@Z
?Find@CHString@@QBEHPBG@Z
??YCHString@@QAEABV0@PBG@Z
??0CHString@@QAE@XZ
?Format@CHString@@QAAXPBGZZ
??YCHString@@QAEABV0@ABV0@@Z
??1CHString@@QAE@XZ
?Mid@CHString@@QBE?AV1@H@Z

netapi32

NetApiBufferFree
NetServerGetInfo

dbghelp

EnumerateLoadedModulesW64

shlwapi

StrChrW
StrChrIW
StrStrW
StrStrIW

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eynngkj
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b92284996b58e51158ace38adf33ea37

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

version

user32

mpr

ole32

oleaut32

secur32

ws2_32

framedynos

netapi32

dbghelp

shlwapi

Sections

.text Size: 68KB - Virtual size: 68KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 31KB

eynngkj Size: - Virtual size: 4KB

.text
Size: 68KB - Virtual size: 68KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 31KB

eynngkj
Size: - Virtual size: 4KB