c4e50c332b6f0d892901dddd687e1bb0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c4e50c332b6f0d892901dddd687e1bb0N.exe
Size

188KB
MD5

c4e50c332b6f0d892901dddd687e1bb0
SHA1

9249e31b30ceee58acc00880d0a1100f1bf50138
SHA256

f42408503308e9b9690c3bac02722866478c9435a3ffa11ef7a51780cd3ae61f
SHA512

3c563a4ac7f45119e644b076328487058c2fc840c8d1c9bdae7b49c1abefc5b419cb5478005ed045d1f5632783e1d393c15b0534412927f704bf3bd1aa051457
SSDEEP

3072:UOHATCzpylTMP2sRnzzSa/dFi3h1zaqi3uO/hQJ7P2Hcg//ULT:NACIgvRnSWd03hxNkuEhQJ7+v//a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c4e50c332b6f0d892901dddd687e1bb0N.exe

Files

c4e50c332b6f0d892901dddd687e1bb0N.exe
.exe windows:4 windows x86 arch:x86

1a2f6d886e828c9182e4308f49d8bc94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
SetFileAttributesW
GetVolumeInformationA
MultiByteToWideChar
CopyFileA
GetFileAttributesA
MoveFileA
lstrcmpA
CreateFileA
DeleteFileA
SetFileAttributesA
GetDriveTypeA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetTickCount
MoveFileExA
GetEnvironmentVariableA
lstrcmpiA
VirtualProtect
LockResource
SizeofResource
LoadResource
FindResourceA
CreateProcessW
lstrcatW
lstrcpyW
GetModuleFileNameA
GetCommandLineA
GetModuleFileNameW
CreateFileW
SetThreadContext
GetThreadContext
GetCommandLineW
VirtualQuery
VirtualFreeEx
VirtualFree
IsBadReadPtr
WaitForSingleObject
GetSystemWindowsDirectoryA
GetFileSize
GetTempPathA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetExitCodeThread
CreateProcessA
ExitThread
GetExitCodeProcess
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesExA
GetProcessVersion
LoadLibraryW
WriteFile
GetVersionExA
TerminateProcess
OpenProcess
WaitForMultipleObjects
GetComputerNameA
WideCharToMultiByte
SetUnhandledExceptionFilter
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
LoadLibraryA
GetProcessHeap
VirtualAlloc
lstrcatA
FindFirstFileA
lstrcpynA
lstrcpyA
lstrlenA
FindNextFileA
FindClose
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
SetLastError
CreateMutexA
GetLastError
ExitProcess
CreateThread
ResumeThread
Sleep

user32

RegisterDeviceNotificationA
CreateWindowExA
RegisterClassA
CharLowerA
FindWindowExA
GetDesktopWindow
GetMessageA
DefWindowProcA
PostQuitMessage
UnregisterDeviceNotification
DestroyWindow
wsprintfA
DispatchMessageA
GetForegroundWindow
TranslateMessage

advapi32

RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegCloseKey
OpenProcessToken
GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegQueryValueExA
InitiateSystemShutdownExA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
LookupAccountSidW
GetUserNameW

shell32

ShellExecuteExW
SHGetSpecialFolderPathA
SHFileOperationA
SHGetFolderPathW
SHGetFolderPathA

ole32

CoCreateGuid
CoCreateInstance
CLSIDFromString
CoUninitialize

iphlpapi

SetTcpEntry

shlwapi

PathFindFileNameA
PathRemoveArgsA
StrCmpNIA
StrChrA
StrStrIA
StrRChrA
StrStrA

rpcrt4

UuidToStringA

netapi32

NetLocalGroupAddMembers
NetApiBufferFree
NetUserEnum
NetUserGetInfo

dnsapi

DnsFree

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

code
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a2f6d886e828c9182e4308f49d8bc94

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

iphlpapi

shlwapi

rpcrt4

netapi32

dnsapi

Sections

.text Size: 64KB - Virtual size: 60KB

code Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 96KB - Virtual size: 94KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 60KB

code
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 96KB - Virtual size: 94KB

.reloc
Size: 8KB - Virtual size: 4KB