1a7d52ce0955fbd7ed07b4708ee23690N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1a7d52ce0955fbd7ed07b4708ee23690N.exe
Size

815KB
MD5

1a7d52ce0955fbd7ed07b4708ee23690
SHA1

f7b358489ea7a3a7e3f6add30126b00bb831d46c
SHA256

537b374a27d677637dba8a90546f94a7ba4aa85a0a0844dc5ca1da6497528876
SHA512

51a55d5121854624057a07e8b316fcbdfc77caea92fbadfa1abed0139e64c5bcb35a7af5099c0d1671b3ff4c7bc6dc2d7918adef9811c761e8ac7a40bd29d868
SSDEEP

24576:0694GTWYH06oFpAXzN2pgtsP13eRarwYTlN:Z94u0fOaP13eRarwYpN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a7d52ce0955fbd7ed07b4708ee23690N.exe

Files

1a7d52ce0955fbd7ed07b4708ee23690N.exe
.exe windows:6 windows x86 arch:x86

4a26c10d101657fd63f31ce7ce361a29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\Install_Driver\Driver_helper\Release\wuhost.pdb

Imports

ws2_32

ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
socket
WSAGetLastError
send
closesocket
setsockopt
ntohl
gethostname
ioctlsocket
sendto
recvfrom
freeaddrinfo
getaddrinfo
listen
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError

wldap32

ord27
ord22
ord41
ord50
ord45
ord30
ord32
ord60
ord211
ord46
ord217
ord26
ord33
ord301
ord200
ord35
ord79
ord143

crypt32

CryptQueryObject
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertOpenStore
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore

normaliz

IdnToAscii

kernel32

ResetEvent
SetEvent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
RtlUnwind
LoadLibraryExW
GetFileInformationByHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
CreateMutexW
Sleep
CloseHandle
GetModuleFileNameA
SetPriorityClass
GetCurrentProcess
SetThreadPriority
CopyFileA
GetFileAttributesA
OutputDebugStringW
GetCurrentThread
DeleteFileA
DeleteFileW
GetLocalTime
GetProcAddress
ExitProcess
CreateProcessW
GetModuleHandleW
CreateFileW
GetFileSize
ReadFile
WriteFile
SetFilePointerEx
GetDriveTypeW
FindClose
GetTickCount
FindNextFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MoveFileExW
LocalFree
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetModuleHandleExW
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
GetCurrentDirectoryW
FreeLibrary
ExpandEnvironmentStringsA
VerSetConditionMask
GetCommandLineA
SetLastError
FormatMessageA
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
WaitForSingleObjectEx
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
ReadConsoleW
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetConsoleMode
GetCommandLineW
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetFullPathNameW
SetStdHandle
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetFileAttributesExW
SetEndOfFile
WriteConsoleW
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
InitializeCriticalSectionAndSpinCount

advapi32

CryptImportKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
CryptEncrypt
CryptDestroyKey

shell32

SHGetFolderPathA
SHChangeNotify
ShellExecuteExA
ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear

shlwapi

PathFindFileNameA
PathFindFileNameW
PathFileExistsA
PathAppendA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 583KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a26c10d101657fd63f31ce7ce361a29

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

crypt32

normaliz

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

version

Sections

.text Size: 583KB - Virtual size: 583KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 93KB - Virtual size: 96KB

.text
Size: 583KB - Virtual size: 583KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 93KB - Virtual size: 96KB