Static task: static1
Behavioral task: behavioral1
Sample: e1953d89d763e974d45868a4f048e580N.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: e1953d89d763e974d45868a4f048e580N.exe
Resource: win10v2004-20240802-en
General
Target: e1953d89d763e974d45868a4f048e580N.exe
Size: 3.4MB
MD5: e1953d89d763e974d45868a4f048e580
SHA1: c4e4d3c3c6d5252f647de5cbc02cbedaaea6518b
SHA256: 0bcbe6167f0bf8938d5f44e947f4fc26acec8e95774725900e9b8b42f31888a7
SHA512: 4aadaffb592456810e6e2b20ddb7a0a46dfce09e40d0b5fbb644b3d1cd3bcdbe576563ca2bb8662a5200e2e20ab1dca4aa38e519101504964cb80b02c37d04d4
SSDEEP: 49152:9DOOqxekIwZbn005yZL8BFi0fXpn3pL/+9hBZhOh5PSSNPigdyPpQul+Lupy0yDq:adn5etNCWQu3pynD527BWG
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource e1953d89d763e974d45868a4f048e580N.exe
Files
e1953d89d763e974d45868a4f048e580N.exe.exe windows:6 windows x64 arch:x64
f74866a8f79f1a22ee681605c0bcd49d
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths: d:\jenkins\workspace\N_MBVpnTunnel\bin\x64\Release\MBVpnTunnelService.pdb
Imports
ws2_32: inet_ntop, InetPtonW, WSAStartup, WSACleanup, recv, closesocket, WSAGetLastError, WSASetLastError, send
crypt32: CertFreeCertificateContext, CertFindCertificateInStore, CryptMsgClose, CryptQueryObject, CertGetNameStringW, CertOpenStore, CertCloseStore, CertGetCertificateContextProperty, CertEnumCertificatesInStore, CryptMsgGetParam, CryptDecodeObjectEx, CryptDecodeObject, CertDuplicateCertificateContext
kernel32: FileTimeToSystemTime, GetModuleFileNameW, GetCurrentProcess, GetWindowsDirectoryW, GetLongPathNameW, QueryDosDeviceW, GetFileInformationByHandle, SetFilePointer, GetFileSizeEx, GetLogicalDriveStringsW, CreateProcessW, GetExitCodeProcess, GetCurrentThread, GetFileSize, lstrcmpA, GetFileAttributesW, GetFileAttributesExW, CreateDirectoryW, RemoveDirectoryW, SetFileAttributesW, DeleteFileW, FormatMessageW, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsW, LocalAlloc, OutputDebugStringW, GetCurrentThreadId, SetEndOfFile, FindNextFileW, GetModuleHandleA, GetStdHandle, GetCurrentDirectoryW, GetSystemTime, ResetEvent, ReleaseMutex, CreateMutexW, TerminateProcess, GetStartupInfoW, GetExitCodeThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetEnvironmentVariableW, SetEnvironmentVariableW, SystemTimeToFileTime, DeleteFiber, GetFileType, QueryPerformanceCounter, ConvertFiberToThread, GetConsoleMode, SetConsoleMode, ReadConsoleA, ReadConsoleW, GetOEMCP, GetACP, IsValidCodePage, FindFirstFileExW, GetFullPathNameW, HeapReAlloc, GetLocalTime, GetTickCount, GetTimeZoneInformation, LocalFree, GetSystemInfo, VerifyVersionInfoW, VerSetConditionMask, GetVersionExW, CopyFileW, MoveFileExW, MultiByteToWideChar, WideCharToMultiByte, CloseThreadpoolCleanupGroup, CloseThreadpool, CloseThreadpoolWork, CloseThreadpoolCleanupGroupMembers, SubmitThreadpoolWork, CreateThreadpoolWork, CreateNamedPipeW, WaitForSingleObject, SetThreadpoolThreadMaximum, SetThreadpoolThreadMinimum, CreateThreadpoolCleanupGroup, CreateThreadpool, ConnectNamedPipe, WriteFile, ReadFile, DisconnectNamedPipe, FlushFileBuffers, WaitForMultipleObjects, GetOverlappedResult, CancelIoEx, SetLastError, SetEvent, CreateEventW, HeapFree, GetProcessHeap, HeapAlloc, MapViewOfFile, OpenFileMappingW, GetProcessTimes, OpenProcess, UnmapViewOfFile, GetCurrentProcessId, CloseHandle, DecodePointer, GetModuleHandleW, DeleteCriticalSection, InitializeCriticalSectionEx, RaiseException, EnterCriticalSection, LeaveCriticalSection, SwitchToThread, Sleep, GetProcAddress, LoadLibraryW, FreeLibrary, FindClose, FindFirstFileW, GetLastError, GetSystemDirectoryW, CreateFileW, SetStdHandle, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, SetFilePointerEx, GetConsoleCP, GetCommandLineW, GetCommandLineA, SetConsoleCtrlHandler, ExitProcess, PeekNamedPipe, GetDriveTypeW, GetModuleHandleExW, FreeLibraryAndExitThread, ExitThread, CreateThread, LoadLibraryExW, RtlPcToFileHeader, InterlockedPushEntrySList, RtlUnwindEx, IsDebuggerPresent, IsProcessorFeaturePresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, InitializeSListHead, WaitForSingleObjectEx, GetCPInfo, GetLocaleInfoW, LCMapStringW, CompareStringW, EncodePointer, GetStringTypeW, SetThreadPriority, SystemTimeToTzSpecificLocalTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapSize, WriteConsoleW, InitializeCriticalSectionAndSpinCount
user32: GetUserObjectInformationW, MessageBoxW, GetProcessWindowStation
advapi32: CryptAcquireContextW, RegCloseKey, RegQueryValueExW, RegEnumKeyExW, IsTextUnicode, OpenProcessToken, CryptCreateHash, CryptReleaseContext, CryptDestroyHash, OpenThreadToken, AllocateAndInitializeSid, FreeSid, CryptEnumProvidersW, CryptSignHashW, CryptDecrypt, CryptExportKey, CryptGetUserKey, CryptGetProvParam, CryptSetHashParam, CryptDestroyKey, ReportEventW, RegisterEventSourceW, DeregisterEventSource, CreateWellKnownSid, GetSidSubAuthority, GetSidSubAuthorityCount, AreAllAccessesGranted, MapGenericMask, ConvertStringSidToSidW, ConvertSidToStringSidW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegQueryInfoKeyW, RegLoadAppKeyW, RegLoadKeyW, RegEnumValueW, RegEnumKeyW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, TreeSetNamedSecurityInfoW, SetSecurityInfo, GetSecurityInfo, SetNamedSecurityInfoW, GetNamedSecurityInfoW, SetEntriesInAclW, DeleteAce, GetExplicitEntriesFromAclW, RegOpenKeyExW
shell32: SHGetFolderPathW
oleaut32: VariantClear
mpr: WNetGetConnectionW
netapi32: NetApiBufferFree, NetWkstaGetInfo
sfc: SfcIsFileProtected
version: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
psapi: GetProcessImageFileNameW
bcrypt: BCryptVerifySignature, BCryptGetProperty, BCryptDestroyKey, BCryptFinishHash, BCryptImportKeyPair, BCryptHashData, BCryptCreateHash, BCryptGenRandom, BCryptCloseAlgorithmProvider, BCryptOpenAlgorithmProvider, BCryptDestroyHash
wintrust: CryptCATAdminReleaseContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminEnumCatalogFromHash, CryptCATCatalogInfoFromContext, WinVerifyTrust, CryptCATAdminReleaseCatalogContext, CryptCATAdminAcquireContext
authz: AuthzFreeResourceManager, AuthzInitializeContextFromSid, AuthzAccessCheck, AuthzInitializeResourceManager, AuthzFreeContext
Sections
.text - Size: 1.8MB - Virtual size: 1.8MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata - Size: 917KB - Virtual size: 916KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data - Size: 42KB - Virtual size: 63KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata - Size: 90KB - Virtual size: 90KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc - Size: 1KB - Virtual size: 1KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc - Size: 596KB - Virtual size: 600KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE