wsecedit.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2759c319b32c0abeb5bff1772ee75b20N.dll
Resource
win10v2004-20240802-en
General
-
Target
2759c319b32c0abeb5bff1772ee75b20N.exe
-
Size
692KB
-
MD5
2759c319b32c0abeb5bff1772ee75b20
-
SHA1
e7a5bb667a2fa8123bfb27a9f950d03d03ca90e2
-
SHA256
ed844cc4ff33a9413ab63ea3ad01488e3fb3a6361d575b9709504ad53514828f
-
SHA512
7f87b583fe484ed9d0e9dd7c730caf6a8760e258ef0233860e88515f6efa5224b29aebe56c6d0f0c0555bc7a00a87677491c5db6fd4aa09de9be07873c80fd32
-
SSDEEP
12288:zUhOM9sFTVxQyoDrGjE9mpF/0TuHDF2QYJmz7NxVIZyIY/UDOoj/Q:zUhOM9sFTVxQyoDrGZFcTujF2QYIz7Ni
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2759c319b32c0abeb5bff1772ee75b20N.exe
Files
-
2759c319b32c0abeb5bff1772ee75b20N.exe.dll windows:10 windows x64 arch:x64
719afa64b419045642a9fce9194ca339
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mfc42u
msvcrt
malloc
_wtol
free
_wfindfirst
_findclose
wcsncpy_s
vswprintf_s
_wtoi
_wsetlocale
_snwprintf_s
_wchdir
_wfindnext
wcstoul
_vsnwprintf
wcsnlen
_callnewh
_wcslwr
wcschr
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_XcptFilter
_amsg_exit
_initterm
_lock
_unlock
__C_specific_handler
__CxxFrameHandler4
__CxxFrameHandler3
_wcsnicmp
__dllonexit
_onexit
??1type_info@@UEAA@XZ
memcmp
__RTDynamicCast
wcscat_s
wcscpy_s
_wcsicmp
??0exception@@QEAA@AEBQEBD@Z
_purecall
?terminate@@YAXXZ
swprintf_s
memset
atl
ord21
ord16
ord32
ord15
kernel32
MultiByteToWideChar
SetFilePointer
ReadFile
WriteFile
CloseHandle
OutputDebugStringW
GetModuleHandleW
LoadLibraryExW
GetFileAttributesW
GlobalUnlock
GlobalLock
GetWindowsDirectoryW
GetTempPath2W
CompareStringW
LocalUnlock
LocalLock
lstrlenW
LocalAlloc
InitializeCriticalSection
FreeLibrary
FindClose
FindFirstFileW
FormatMessageW
SetCurrentDirectoryW
DeleteFileW
GlobalAlloc
DeleteCriticalSection
GlobalFree
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
lstrcmpW
LocalFree
GetProcAddress
LoadLibraryW
GetLastError
QueryActCtxW
DeactivateActCtx
FindActCtxSectionStringW
GetModuleFileNameW
OutputDebugStringA
GetModuleHandleExW
SetLastError
ActivateActCtx
CreateActCtxW
GetTempFileNameW
GetThreadUILanguage
ExpandEnvironmentStringsW
CreateFileW
GetCurrentThread
GetCurrentProcess
HeapAlloc
GetProcessHeap
HeapFree
GetUserDefaultLangID
FindResourceW
SizeofResource
LoadResource
LockResource
CreateDirectoryW
TryEnterCriticalSection
CreateThread
GetExitCodeThread
LocalReAlloc
GetConsoleOutputCP
WritePrivateProfileSectionW
WritePrivateProfileStringW
TlsSetValue
CreateEventW
SetEvent
Sleep
WaitForSingleObject
WideCharToMultiByte
CreateProcessW
CopyFileW
GetVersionExW
FreeLibraryAndExitThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW
DelayLoadFailureHook
ReleaseActCtx
ResolveDelayLoadedAPI
user32
CreateWindowExW
GetWindowRect
IsWindowVisible
GetDlgItem
GetParent
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
LoadIconW
EnableWindow
SendMessageW
SetWindowTextW
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
LoadImageW
PostThreadMessageW
RegisterClipboardFormatW
MessageBoxW
LoadStringW
DrawTextW
DestroyIcon
RedrawWindow
SetClipboardData
EmptyClipboard
SetCursor
SendDlgItemMessageW
DrawFocusRect
GetSysColor
GetSysColorBrush
FrameRect
InflateRect
SetScrollRange
MoveWindow
DestroyWindow
SetWindowLongPtrW
SetWindowPos
GetSystemMetrics
GetClientRect
SetScrollInfo
ChildWindowFromPointEx
GetWindowLongW
ScrollWindow
SetScrollPos
GetScrollInfo
DefWindowProcW
SetFocus
GetFocus
GetWindowLongPtrW
GetDlgCtrlID
MapWindowPoints
GetMessagePos
IsWindowEnabled
MapDialogRect
RegisterClassW
LoadCursorW
ShowWindow
BringWindowToTop
WinHelpW
ReleaseDC
GetDC
PostMessageW
SystemParametersInfoW
GetWindow
IsWindow
PtInRect
oleaut32
SysFreeString
SafeArrayGetElement
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
VariantInit
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
ole32
CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket
CoTaskMemFree
CreateStreamOnHGlobal
ReleaseStgMedium
CoTaskMemAlloc
StringFromCLSID
advapi32
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
IsTextUnicode
RegQueryValueExW
LookupPrivilegeDisplayNameW
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegQueryInfoKeyW
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
LookupAccountNameW
ConvertSidToStringSidW
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
IsValidSecurityDescriptor
LookupAccountSidW
LsaOpenPolicy
LsaQueryInformationPolicy
GetLengthSid
CopySid
LsaFreeMemory
LsaClose
IsValidSid
AddAccessAllowedAce
MakeAbsoluteSD
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetAce
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
InitializeAcl
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
MapGenericMask
LsaLookupSids
GetSidSubAuthority
GetSidIdentifierAuthority
GetSidSubAuthorityCount
gdi32
SetTextColor
SetBkColor
SetMapMode
GetTextColor
GetBkColor
CreateFontIndirectW
DeleteObject
GetTextExtentPoint32W
SelectObject
SetBkMode
shell32
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
shlwapi
StrToIntW
ord487
ord439
scecli
SceFreeMemory
SceLookupPrivRightName
SceCreateDirectory
SceWriteSecurityProfileInfo
SceAddToNameStatusList
SceOpenProfile
SceSvcConvertTextToSD
SceAnalyzeSystem
SceConfigureSystem
SceGetServerProductType
SceUpdateObjectInfo
SceAddToNameList
SceSvcGetInformationTemplate
SceSvcQueryInfo
SceSvcFree
SceUpdateSecurityProfile
SceSvcUpdateInfo
SceSvcSetInformationTemplate
SceCompareNameList
SceEnumerateServices
SceCompareSecurityDescriptors
SceGetObjectSecurity
SceCopyBaseProfile
SceAppendSecurityProfileInfo
SceRollbackTransaction
SceCommitTransaction
SceStartTransaction
SceCloseProfile
SceGetSecurityProfileInfo
SceFreeProfileMemory
SceGetObjectChildren
SceGetScpProfileDescription
netutils
NetApiBufferFree
logoncli
DsGetDcNameW
setupapi
SetupGetLineTextW
SetupFindFirstLineW
SetupOpenInfFileW
SetupFindNextLine
SetupCloseInfFile
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Exports
DllCanUnloadNow
DllGetClassObject
InvokeCAPEACLEditor
TranslateAceMasksAndCondition
Sections
.text Size: 396KB - Virtual size: 395KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 200KB - Virtual size: 199KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ