9a204723607df20cea967d0699660410N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

9a204723607df20cea967d0699660410N.exe
Size

901KB
MD5

9a204723607df20cea967d0699660410
SHA1

9be37840229291b91f17154ede642dea50944e76
SHA256

a8a6b940b6b0384fdaae28a49fb41ae1e9d6d0f697d4aa38718acd8e94df7b19
SHA512

6a6791effae8553072bb41f006c9770ef4a2ddbb9f616a1e68c80b275747a598cda0881be7fc739d05438857cefd9cd10bb02bd77ca898aadc3c3992710c3cc4
SSDEEP

24576:XWysBUdGNTNjx+mZCkt76f/24pN+XNqNG6hditW:XWUdWf9Ckt7c20+9qNxUW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a204723607df20cea967d0699660410N.exe

Files

9a204723607df20cea967d0699660410N.exe
.exe windows:6 windows x64 arch:x64

b509fa2245f7b09721e372247322a3d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemDirectoryW
LoadLibraryW
VerifyVersionInfoW
CreateProcessW
WaitForMultipleObjects
IsDebuggerPresent
OutputDebugStringW
SetEndOfFile
WriteConsoleW
SetStdHandle
CreateFileW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FindClose
DeleteFileW
VerSetConditionMask
MultiByteToWideChar
WTSGetActiveConsoleSessionId
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetTickCount
GetCurrentThreadId
GetCurrentThread
CreateThread
GetCurrentProcess
Sleep
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
OpenProcess
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
CloseHandle
DecodePointer
GetCommandLineW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetLastError
SetLastError
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
GetStringTypeW
ReadConsoleW
GetConsoleMode
ReadFile
GetOEMCP
GetACP
IsValidCodePage
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
GetStartupInfoW
GetFileType
OpenEventW
FindNextFileW
LeaveCriticalSection
FindFirstFileW
GetStdHandle
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
GetCPInfo
RtlPcToFileHeader
IsProcessorFeaturePresent
EncodePointer
RtlUnwindEx
LocalFree
RtlLookupFunctionEntry

user32

LoadStringW
PeekMessageW
MsgWaitForMultipleObjects
CharNextW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterDeviceNotificationW
UnregisterDeviceNotification
PostThreadMessageW
CharUpperW
MessageBoxW

advapi32

SetSecurityDescriptorDacl
StartServiceW
DuplicateTokenEx
CreateProcessAsUserW
RegSetKeyValueW
GetUserNameW
RevertToSelf
ImpersonateLoggedOnUser
DuplicateToken
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
IsValidSid
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken

ole32

CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoSetProxyBlanket
PropVariantClear
StringFromGUID2

oleaut32

SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
VarBstrCat
SysAllocStringLen
SysAllocStringByteLen
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi

shlwapi

PathFileExistsW

gdi32

D3DKMTCloseAdapter
D3DKMTOpenAdapterFromDeviceName
D3DKMTEscape

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b509fa2245f7b09721e372247322a3d7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

gdi32

setupapi

userenv

wtsapi32

Sections

.text Size: 198KB - Virtual size: 197KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 12KB - Virtual size: 42KB

.pdata Size: 12KB - Virtual size: 12KB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 198KB - Virtual size: 197KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 12KB - Virtual size: 42KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 568KB - Virtual size: 572KB