ca5c21f1f6ec2720f105d5b6e4903200N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ca5c21f1f6ec2720f105d5b6e4903200N.exe
Size

5.9MB
MD5

ca5c21f1f6ec2720f105d5b6e4903200
SHA1

19e824ce163e10c4fe36384a51a68fb8524a7418
SHA256

e7d7fc4f9f320ae74f296278beadf5a335ec7f4c71bc2f3fdac2ba0069376a0c
SHA512

6360cc9876fcb8434ad7271925a918bac6a9ff0d6087ac9653642311dffe70d604218b2ec37200a8101f4860f11b5753ce1b337a106ab63bdaca9681f4f9561c
SSDEEP

6144:HX4thSUHz9HRg1c96R7b3/dyTl8W2p7/j1qBl9scLGUNhN:Hqh3Hz9HeTZzdwl8W2ZR6aU3N

Score

1^/10

Malware Config

Signatures

Files

ca5c21f1f6ec2720f105d5b6e4903200N.exe
.exe windows:5 windows x86 arch:x86

920aca8fdc4985e3316b3693228113b0

Code Sign

23:5a:1c:76:22:8c:6f:81:4a:36:15:e0:21:d3:a8:a6
Certificate

Issuer

CN=IOCRSIHZPSQUIZFOZQ

Not Before

09-09-2020 13:46

Not After

31-12-2039 23:59

Subject

CN=IOCRSIHZPSQUIZFOZQ

Extended Key Usages

ExtKeyUsageCodeSigning

c2:29:72:be:09:8c:06:17:7c:dd:32:20:0e:a1:e6:31:4f:1c:c8:65
Signer

Actual PE Digest

c2:29:72:be:09:8c:06:17:7c:dd:32:20:0e:a1:e6:31:4f:1c:c8:65

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
Sleep
VirtualAllocEx
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
SetEvent
InitializeCriticalSection
SizeofResource
MultiByteToWideChar
lstrlenW
RaiseException
GetLastError
LoadLibraryExW
lstrcmpiW
DeleteCriticalSection
GetCurrentThreadId
CreateThread
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadResource
FreeLibrary
FindResourceW
GetCommandLineW
CloseHandle
GetModuleFileNameW
OutputDebugStringW
CreateEventW
CreateProcessW
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteVolumeMountPointW
GetCommTimeouts
GetTapePosition
EnumCalendarInfoA
GetCommModemStatus
GetComputerNameExA
CommConfigDialogA
SetNamedPipeHandleState
LocalSize
GetWriteWatch
GetCPInfoExA
FindVolumeClose
PrepareTape
SetCurrentDirectoryW
DeviceIoControl
SleepEx
FindNextChangeNotification
ReadConsoleA
UnlockFile
BackupSeek
FreeUserPhysicalPages
ExitProcess
GetTempFileNameW
SetThreadPriorityBoost
CancelDeviceWakeupRequest
VirtualProtectEx
GlobalFindAtomW
GetProcessHeap
RtlUnwind
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
GetCPInfo
GetOEMCP
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
HeapFree
SetErrorMode
lstrlenA
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
lstrcpyW
SystemTimeToFileTime
PulseEvent
OpenProcess
OpenEventW
LoadLibraryW
GetSystemTime
GetFileTime
FindFirstFileW
FindClose
FileTimeToSystemTime
CreateFileW

user32

LoadCursorA
DispatchMessageW
PostThreadMessageW
CharUpperW
TranslateMessage
CharNextW
UnregisterClassA
GetMessageW
SetDlgItemTextW
DdeGetLastError
GetKeyNameTextW
SwitchDesktop
OpenDesktopA
EnumChildWindows
InternalGetWindowText
SetWinEventHook
CharPrevW
SwapMouseButton
IMPGetIMEW
GetClassInfoExW
GetMessagePos
CharLowerBuffA
RegisterClassExA
DestroyIcon
SetCapture
IsClipboardFormatAvailable
GetDlgCtrlID
GetClassNameW
GetClipboardData
InvertRect
MonitorFromPoint
GetClassInfoA
EnumWindowStationsW
EnumDesktopsA
AppendMenuA
OffsetRect

gdi32

GetStockObject
GetEnhMetaFileBits
ResetDCW
TextOutA
CombineTransform
UnrealizeObject
ResizePalette
GdiStartDocEMF
GdiPlayJournal
GdiSetServerAttr
PolyPatBlt
GetKerningPairsA
NamedEscape
DeleteDC
GetDeviceCaps
ScaleWindowExtEx
DeleteObject
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
CreateBitmap
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutW
GetObjectW

advapi32

RegOpenKeyA
RegQueryValueExA
GetUserNameA
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW

shell32

ExtractIconA
ExtractAssociatedIconW
SHEmptyRecycleBinW
FindExecutableW
DragQueryFileAorW
FindExecutableA
DoEnvironmentSubstW
SHLoadInProc
SHGetFileInfo
ShellAboutW
SHGetDataFromIDListA
SHFreeNameMappings
SHGetInstanceExplorer
SHGetDiskFreeSpaceExA
SHGetDataFromIDListW
DragAcceptFiles
ShellExecuteA
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoInitialize
StringFromGUID2
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

shlwapi

StrCmpNIW
StrStrW
StrRChrW
StrStrIW
StrChrA
StrCmpNIA

comctl32

InitCommonControlsEx

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

920aca8fdc4985e3316b3693228113b0

Code Sign

23:5a:1c:76:22:8c:6f:81:4a:36:15:e0:21:d3:a8:a6Certificate

Extended Key Usages

c2:29:72:be:09:8c:06:17:7c:dd:32:20:0e:a1:e6:31:4f:1c:c8:65Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 512B - Virtual size: 306B

.data Size: 5.6MB - Virtual size: 5.6MB

.rsrc Size: 165KB - Virtual size: 164KB

23:5a:1c:76:22:8c:6f:81:4a:36:15:e0:21:d3:a8:a6
Certificate

c2:29:72:be:09:8c:06:17:7c:dd:32:20:0e:a1:e6:31:4f:1c:c8:65
Signer

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 512B - Virtual size: 306B

.data
Size: 5.6MB - Virtual size: 5.6MB

.rsrc
Size: 165KB - Virtual size: 164KB