00a21d5983805aa4da3455153ad85160N[.]exe

General

Target

00a21d5983805aa4da3455153ad85160N.exe
Size

148KB
MD5

00a21d5983805aa4da3455153ad85160
SHA1

8ada80e12b0b81a72d95a2581a18f7cbdf90a73c
SHA256

2b778a0149c4c581de9beadc0b275ede4e16b2c37dbf9ae75a11cd6997be2696
SHA512

31efd807a3fa532462badb9c6464fdccec3fd32737b718c192a3229a07021e6dc8f3a183ef415cbf3587a8fce7acc50579346b44aecd3f64bc02cb81799a3bbd
SSDEEP

3072:5zBH2TYXcxuqL8OCPZP4ic8t6qTYHrzJfI9zpbo:5zp6YXcacjqyrz+zb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00a21d5983805aa4da3455153ad85160N.exe

Files

00a21d5983805aa4da3455153ad85160N.exe
.exe windows:4 windows x86 arch:x86

ca68714ad3db371c3ac6a11442ff458c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winhttp

WinHttpQueryAuthSchemes
WinHttpConnect
WinHttpCloseHandle
WinHttpCheckPlatform
WinHttpCrackUrl

wsnmp32

ord202
ord203
ord204
ord205
ord604
ord107
ord606
ord900
ord901
ord902
ord903
ord904
ord106
ord105
ord104
ord103
ord605

kernel32

GetStartupInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
GetLocalTime
CreateFileA
HeapFree
HeapAlloc
HeapCreate
WriteConsoleW
lstrlenA
GetComputerNameA
GetModuleHandleA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca68714ad3db371c3ac6a11442ff458c

Headers

File Characteristics

Imports

winhttp

wsnmp32

kernel32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 48KB - Virtual size: 676KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 48KB - Virtual size: 676KB

.reloc
Size: 8KB - Virtual size: 5KB