c86ff1b6fb267c6d2aed2b6659d83bd0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

c86ff1b6fb267c6d2aed2b6659d83bd0N.exe
Size

144KB
MD5

c86ff1b6fb267c6d2aed2b6659d83bd0
SHA1

92203c09ba87196d73d394b66e647b4a6b9778a0
SHA256

2ce3291e7b26a96f26d28551b5a799a6553e160a21cf24234bcb0d7d43c32800
SHA512

12c25f8179868d2581689259d3557267f6dedf6f45a0f78d4107849b63a47fb59a21a6defe30bde8b6d8752d6cd00ae62b516bb6101adb83e306bda22d6204b3
SSDEEP

1536:YYDYJdEehO+lWcwCfN+b7g9hw0qVeomzXCRw/5xPW0EWJBJrJv/78si9:YY8QeQBcwWIbcYEoBK/5lW0EWprJXYz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c86ff1b6fb267c6d2aed2b6659d83bd0N.exe

Files

c86ff1b6fb267c6d2aed2b6659d83bd0N.exe
.exe windows:4 windows x86 arch:x86

bbe0679ada8b409ef67de3a217d1c8f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
LockResource
FlushInstructionCache
GetCurrentProcess
LoadLibraryW
WideCharToMultiByte
GetProcAddress
FindResourceExW
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetOEMCP
GetCPInfo
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
FreeLibrary
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
HeapCreate
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
SetEvent
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetModuleHandleW
CreateEventW
Sleep
CreateThread
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WaitForSingleObject
GetFileType
CloseHandle
GetProcessHeap
HeapSize
HeapReAlloc
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

CreateDialogParamW
IsWindowVisible
GetWindow
GetWindowRect
SystemParametersInfoW
MapWindowPoints
UnregisterClassA
ShowWindow
BringWindowToTop
SetWindowTextW
DestroyWindow
IsDialogMessageW
GetMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
PostMessageW
CallWindowProcW
DefWindowProcW
ReleaseCapture
PtInRect
GetParent
SetCapture
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SendMessageW
LoadImageW
SetCursor
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
IsWindow
GetWindowLongW
SetWindowLongW
SetWindowPos
SetTimer
CharUpperW
CharNextW
PostThreadMessageW
KillTimer
GetDlgItem

gdi32

SetTextColor
SetBkMode
GetStockObject
DeleteObject
GetObjectW
CreateFontIndirectW
SelectObject

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

shell32

ShellExecuteW

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

VARIANT_UserMarshal
VARIANT_UserSize
LoadRegTypeLi
VARIANT_UserUnmarshal
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VARIANT_UserFree

rpcrt4

NdrCStdStubBuffer2_Release
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 4KB - Virtual size: 267B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ghjbngw
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bbe0679ada8b409ef67de3a217d1c8f9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

Sections

.text Size: 64KB - Virtual size: 64KB

.orpc Size: 4KB - Virtual size: 267B

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 36KB - Virtual size: 36KB

ghjbngw Size: - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.orpc
Size: 4KB - Virtual size: 267B

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 36KB - Virtual size: 36KB

ghjbngw
Size: - Virtual size: 4KB