1feafb3ee64267b6669cfa30f6069e80N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1feafb3ee64267b6669cfa30f6069e80N.exe
Size

420KB
MD5

1feafb3ee64267b6669cfa30f6069e80
SHA1

184656efd647b13a9f3950a8b09fdca4414e5a3e
SHA256

a21fa7b6d075916d5180e34550db85439dc663a356b087503072fb79123d4507
SHA512

c8d2d2faeac7b8418098f67177c319099c4b723575bef355590ee7162a626960f396bdc881586ab2f282396474a4e1ae4046aa9b3fcc55e8df0788d71b1c6a0c
SSDEEP

6144:4Gd9Q79Joh7iXrlVEy4G+aLttwu9g20UsHnv1yz+TO:6JJmGXpVERHarwuSHnV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1feafb3ee64267b6669cfa30f6069e80N.exe

Files

1feafb3ee64267b6669cfa30f6069e80N.exe
.exe windows:5 windows x64 arch:x64

eecee2d4049efcef3f26a96b35f7bc4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\MP_PRJ\MP_PCI_1704\GT\SRC\GT_PCI_Install\x64\Release\PCIeMPInstall.pdb

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

kernel32

GetFileAttributesW
GetFileSizeEx
GetFileTime
GetStartupInfoW
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
ExitThread
CreateThread
RaiseException
RtlPcToFileHeader
HeapReAlloc
HeapQueryInformation
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
FileTimeToSystemTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrlenA
GetThreadLocale
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
TlsGetValue
GlobalFlags
FormatMessageW
MulDiv
GlobalFindAtomW
CompareStringW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
GlobalUnlock
WritePrivateProfileStringW
FreeResource
GlobalFree
LoadLibraryA
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
GlobalLock
lstrcmpW
GlobalAlloc
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
GetCurrentDirectoryW
lstrlenW
LocalAlloc
LocalFree
GetLastError
Sleep
CloseHandle
GetCurrentProcess
GetVersionExW
FreeLibrary
GetProcAddress
LoadLibraryW
InitializeCriticalSectionAndSpinCount
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
WinExec
GetWindowsDirectoryA
DeleteFileW
GetSystemDirectoryW
GetCommandLineW

user32

UnregisterClassW
GetSysColorBrush
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableW
CharNextW
SetRect
MessageBeep
ReleaseCapture
LoadCursorW
SetCapture
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
SetFocus
GetForegroundWindow
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
wsprintfW
EnableWindow
LoadIconW
GetSystemMenu
AppendMenuW
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSubMenu
ReleaseDC
GetDC
CopyRect
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
SetCursor
SetWindowsHookExW
PostThreadMessageW
CallNextHookEx
GetMessageW
RegisterClipboardFormatW
SendMessageW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
ExitWindowsEx
InvalidateRect
CharUpperW
PostMessageW
PostQuitMessage
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
GetDesktopWindow
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
TranslateMessage
DispatchMessageW
IsWindowVisible
GetWindowTextW

gdi32

GetBkColor
GetTextColor
GetRgnBox
GetMapMode
GetStockObject
RestoreDC
SaveDC
GetDeviceCaps
ExtTextOutW
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
CreateBitmap
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
DeleteDC

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

CryptHashData
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
RegDeleteKeyW
CryptCreateHash
CryptAcquireContextW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoGetClassObject

oleaut32

OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eecee2d4049efcef3f26a96b35f7bc4c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

oleacc

Sections

.text Size: 258KB - Virtual size: 257KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 14KB - Virtual size: 37KB

.pdata Size: 18KB - Virtual size: 18KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 258KB - Virtual size: 257KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 14KB - Virtual size: 37KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 13KB - Virtual size: 12KB