e3f6b272052e0b4300edf6c20ef79e80N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

e3f6b272052e0b4300edf6c20ef79e80N.exe
Size

269KB
MD5

e3f6b272052e0b4300edf6c20ef79e80
SHA1

ccc27432883c397f98d9789e8e67203a6b56f478
SHA256

45cafaed8da234b6c251b03b4591597225d37c0685e43ab0ab57bb3be1933996
SHA512

b9f1bd1fcae0cdee811947b08753fd25bf1c5b01861923927b7e05ee64ce4c7e4a057f4faea273bbb10d5666aefb25be69eb55530e5ab0b0df678e344b408697
SSDEEP

6144:8xuTKo/xp/vHsBFtecmtK9E+8Su85vYSqWn7f:1KoEmtOn5QSqqf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e3f6b272052e0b4300edf6c20ef79e80N.exe

Files

e3f6b272052e0b4300edf6c20ef79e80N.exe
.dll windows:5 windows x86 arch:x86

0751a7e5b1eac01d74d5c763706fc444

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetTcpTable

dbghelp

SymGetModuleInfo
SymInitialize
SymGetModuleBase
SymSetOptions
SymGetSymFromAddr

msvcrt

_except_handler3
memset
memcpy
_snprintf
fclose
fseek
realloc
fwrite
fread
fopen
strncpy
malloc
calloc
free
sprintf
atoi
isprint
strstr

psapi

GetModuleFileNameExA

netapi32

NetQueryDisplayInformation
NetApiBufferFree

dnsapi

DnsFlushResolverCache

wininet

InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetCheckConnectionA
HttpSendRequestA
InternetOpenA
InternetQueryOptionA
InternetSetStatusCallback
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpQueryInfoA
InternetCloseHandle

ws2_32

ntohs
WSASetLastError
WSAGetLastError
accept
listen
send
gethostbyname
closesocket
socket
bind
recv
shutdown
htons
WSAStartup
inet_ntoa
connect
gethostname
getpeername
htonl
setsockopt
select
__WSAFDIsSet
inet_addr
recvfrom

shell32

ExtractIconExA
ShellExecuteA
SHGetFolderPathA
SHFileOperationA
ord680

shlwapi

PathMakeSystemFolderA
PathFileExistsA
StrCmpNIA
PathGetDriveNumberA
PathAppendA
StrStrA
StrChrIA
PathAddBackslashA
PathFindFileNameA
StrStrIW
StrStrIA
StrToIntA

ntdll

ZwQueryInformationThread
RtlImageNtHeader
RtlCreateUserThread

kernel32

FileTimeToSystemTime
GetSystemTime
LocalFree
GetFileInformationByHandle
GetFileType
LocalAlloc
GetLocalTime
SystemTimeToFileTime
SetFilePointer
GetFileSize
FileTimeToDosDateTime
WriteProcessMemory
Module32Next
VirtualAllocEx
Module32First
GetProcessTimes
CreateRemoteThread
VirtualQuery
GetPrivateProfileStringA
GetShortPathNameA
GetFileAttributesW
GetFileAttributesA
GetVersionExW
WideCharToMultiByte
VirtualProtect
GetThreadPriority
InterlockedExchange
FlushInstructionCache
lstrcmpA
FindFirstChangeNotificationA
FindNextChangeNotification
TerminateThread
WinExec
MoveFileA
ExitThread
GetCommandLineA
GetCommandLineW
ExitProcess
HeapValidate
GetProcessHeap
GetTempPathA
GetCurrentDirectoryA
GetTempFileNameA
CopyFileA
WaitForMultipleObjects
GetLogicalDriveStringsA
SetCurrentDirectoryA
SetThreadPriority
GetDriveTypeA
SetErrorMode
GlobalUnlock
GlobalLock
EnterCriticalSection
GetLastError
SetLastError
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
GetTickCount
GetVolumeInformationA
GetSystemWindowsDirectoryA
CreateMutexA
GetCurrentProcess
GetTimeFormatA
GetCurrentThread
VirtualFree
GetDateFormatA
VirtualAlloc
AddVectoredExceptionHandler
DeleteFileA
GetSystemDefaultLangID
Process32First
OpenProcess
GetTimeZoneInformation
GetEnvironmentVariableA
Process32Next
CreateToolhelp32Snapshot
CloseHandle
WaitForSingleObject
LoadLibraryExA
ReleaseMutex
CreateFileA
MoveFileExA
lstrcpynA
SetEndOfFile
SetFilePointerEx
WriteFile
IsBadWritePtr
ReadFile
CreateDirectoryA
GetFileSizeEx
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
FindClose
FindNextFileA
HeapReAlloc
HeapAlloc
HeapFree
SetEvent
Sleep
OpenMutexA
GetCurrentThreadId
lstrcpyA
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
CreateFileMappingA
CreateProcessA
CreateThread
HeapCreate
lstrcmpiA
OpenEventA
lstrcmpiW
GetCurrentProcessId
OpenFileMappingA
GetComputerNameA
lstrlenA
CreateEventA
GetVersionExA
ResetEvent
InitializeCriticalSection
LeaveCriticalSection

user32

GetWindowDC
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
CharUpperA
GetSystemMetrics
GetDC
SetThreadDesktop
GetThreadDesktop
ReleaseDC
GetShellWindow
GetWindow
DestroyIcon
FindWindowA
GetDesktopWindow
GetIconInfo
RegisterWindowMessageA
SendMessageA
WindowFromPoint
DrawIcon
CreateDesktopA
GetTopWindow
IsWindowVisible
PostMessageA
IsWindow
MapVirtualKeyA
IsIconic
IsRectEmpty
GetClassLongA
GetWindowThreadProcessId
MapWindowPoints
GetMenuItemInfoA
SetWindowPos
SendMessageTimeoutA
GetWindowLongA
GetAncestor
GetWindowInfo
GetParent
GetWindowRect
GetSystemMenu
DefWindowProcW
EndMenu
HiliteMenuItem
DefMDIChildProcA
GetCursor
GetMenuItemCount
DefMDIChildProcW
DefWindowProcA
GetMenuState
CopyIcon
TrackPopupMenuEx
GetMenuItemRect
GetMenu
MenuItemFromPoint
GetSubMenu
SetKeyboardState
GetMenuItemID
OpenDesktopA
PrintWindow
WindowFromDC
SetLayeredWindowAttributes
EnumChildWindows
RedrawWindow
GetWindowRgn
SetClassLongA
SetWindowLongA
GetScrollBarInfo
MoveWindow
DialogBoxIndirectParamA
SetWindowTextA
ShowWindow
EndDialog
GetDlgItem
CreateWindowExA
GetWindowTextLengthA
GetClientRect
LoadIconA
AttachThreadInput
DestroyWindow
wsprintfA
GetUserObjectInformationA
PtInRect
GetFocus
GetLastActivePopup
RealChildWindowFromPoint
GetClassNameA
GetOpenClipboardWindow
GetActiveWindow
GetWindowTextA
GetGUIThreadInfo
GetKeyboardState
ToAscii

gdi32

CreateFontIndirectA
GetObjectA
GetClipRgn
BitBlt
GetViewportOrgEx
GetDeviceCaps
SelectClipRgn
OffsetRgn
CreateRectRgn
DeleteDC
CreateDIBSection
GetDIBits
GdiFlush
SetViewportOrgEx
CreateCompatibleBitmap
DeleteObject
SelectObject
CreateCompatibleDC

advapi32

RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
GetTokenInformation
OpenProcessToken
RegNotifyChangeKeyValue
RegEnumKeyExA
GetUserNameA
RegCloseKey
RegFlushKey
RegOpenKeyExA

Sections

.text
Size: 221KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0751a7e5b1eac01d74d5c763706fc444

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

dbghelp

msvcrt

psapi

netapi32

dnsapi

wininet

ws2_32

shell32

shlwapi

ntdll

kernel32

user32

gdi32

advapi32

Sections

.text Size: 221KB - Virtual size: 224KB

.rdata Size: 29KB - Virtual size: 32KB

.data Size: 5KB - Virtual size: 68KB

.reloc Size: 13KB - Virtual size: 14KB

.text
Size: 221KB - Virtual size: 224KB

.rdata
Size: 29KB - Virtual size: 32KB

.data
Size: 5KB - Virtual size: 68KB

.reloc
Size: 13KB - Virtual size: 14KB