61579b03199fa8f34637cc50ca4bf030N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

61579b03199fa8f34637cc50ca4bf030N.exe
Size

88KB
MD5

61579b03199fa8f34637cc50ca4bf030
SHA1

c3c6680e31801037f972ab9c730d2f4ed80ff73b
SHA256

5034dd624dafa1cfc5ebc85bf69f6ef08a8219707d3cde814061b7824239cc3f
SHA512

7ddd815b0d134a268a3296b2b9cf343dbb7a2f0c9046d757205827b1422bdab4a383ccd882a973aa4982fe073847a5b950607276f0c92d41388764c82272b076
SSDEEP

1536:93mx5ax68HiEslxrckTl1TfAbMRr01rUGkFlXLeRd1WvUv2qrw3o:WaxDHXsBfEMcUGkFlM1SUvt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61579b03199fa8f34637cc50ca4bf030N.exe

Files

61579b03199fa8f34637cc50ca4bf030N.exe
.exe windows:5 windows x86 arch:x86

990b860e2e0387137b2cef5724e5a054

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

RDPClip.pdb

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
wcslen
wcschr
wcscmp
strchr
_XcptFilter
_exit
_c_exit
rand
malloc
realloc
free
_except_handler3
_resetstkoflw
strrchr
wcsrchr
_strnicmp
_wcsnicmp
??2@YAPAXI@Z
wcsncpy
wcscpy
??3@YAXPAX@Z

advapi32

RegCreateKeyExA
IsValidSid
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
RegQueryValueExA
RegSetValueExA

kernel32

GetDiskFreeSpaceA
GetStartupInfoA
GetModuleHandleA
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
DeviceIoControl
HeapFree
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrlenA
lstrlenW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapAlloc
GetProcessHeap
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
WaitForSingleObject
CloseHandle
UnmapViewOfFile
GetLocalTime
GetProcAddress
GetModuleHandleW
InterlockedExchange
GetCurrentThreadId
GetCurrentProcessId
MapViewOfFile
CreateFileMappingW
LocalAlloc
GetLastError
GetCurrentProcess
ReleaseMutex
SetLastError
LocalFree
CreateMutexW
LoadLibraryExA
SetEvent
ResetEvent
InterlockedIncrement
GlobalFree
GlobalUnlock
GlobalLock
CreateDirectoryW
DeleteFileW
GetTempFileNameW
WideCharToMultiByte
GlobalAlloc
InterlockedDecrement
MultiByteToWideChar
WaitForMultipleObjects
GlobalSize
CreateThread
CreateEventW
ProcessIdToSessionId
GetOverlappedResult
WriteFile
ExitThread
ReadFile
GetTickCount
CancelIo
PulseEvent
OpenEventW
WaitForMultipleObjectsEx
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter

gdi32

DeleteMetaFile
DeleteObject
GetObjectW
GetPaletteEntries
CreatePalette
SetMetaFileBitsEx
CreateMetaFileW
PlayMetaFile
CloseMetaFile
GetMetaFileBitsEx
GetStockObject

user32

PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
CloseClipboard
EmptyClipboard
OpenClipboard
GetClipboardOwner
GetClipboardFormatNameW
EnumClipboardFormats
CountClipboardFormats
RegisterClipboardFormatW
GetClipboardViewer
DefWindowProcW
SetClipboardViewer
PostQuitMessage
DestroyWindow
ChangeClipboardChain
UnregisterClassW
RegisterWindowMessageW
CreateWindowExW
RegisterClassW
GetClipboardData
SendMessageW

shell32

SHFileOperationA
SHFileOperationW

winsta

WinStationQueryInformationW
WinStationVirtualOpen

wsock32

socket
WSAGetLastError
WSAStartup
WSACleanup
closesocket
getsockopt
ioctlsocket
sendto

ws2_32

WSACloseEvent
WSACreateEvent
WSAGetOverlappedResult
WSARecvFrom

msacm32

acmDriverOpen
acmStreamSize
acmStreamPrepareHeader
acmDriverClose
acmStreamClose
acmFormatSuggest
acmStreamOpen
acmFormatTagDetailsW
acmDriverEnum
acmStreamUnprepareHeader
acmStreamConvert

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

ole32

OleIsCurrentClipboard
CoGetMalloc
OleSetClipboard
OleInitialize

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

990b860e2e0387137b2cef5724e5a054

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

shell32

winsta

wsock32

ws2_32

msacm32

wtsapi32

ole32

Sections

.text Size: 56KB - Virtual size: 56KB

.data Size: 3KB - Virtual size: 72KB

.rsrc Size: 28KB - Virtual size: 29KB

.text
Size: 56KB - Virtual size: 56KB

.data
Size: 3KB - Virtual size: 72KB

.rsrc
Size: 28KB - Virtual size: 29KB