3c2c33a17e0e24fc1b23ed1ce6fcc7b0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3c2c33a17e0e24fc1b23ed1ce6fcc7b0N.exe
Size

3.7MB
MD5

3c2c33a17e0e24fc1b23ed1ce6fcc7b0
SHA1

1396b6126150b61d40f26428af911539e62836f2
SHA256

ffb2e2dc1ebdc95fb91ff3764c04f54bcd722a830f906524e4efe44b2ff4c80b
SHA512

da4fb6a6e284c8c1e8b8b4dd4e4529bf444799e977225dfb5107fee3546dda7b0dca7687357f02f84f51a5278560c70dda6a17444d037c23c8e0a5a5e0ea0884
SSDEEP

24576:FL7QfEUT4EeJtrVKh0aLIh6ocfEtiT7HwXezIM5abnQsc36bLmW92LhHRqZeckTM:xrJtEDLT8Esc364Q9QqXFxoLZs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c2c33a17e0e24fc1b23ed1ce6fcc7b0N.exe

Files

3c2c33a17e0e24fc1b23ed1ce6fcc7b0N.exe
.exe windows:4 windows x86 arch:x86

db1fefbcd03ddca6eb3cacbc168bfc18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\WORK2005\BinOut\SR_ShardManager.pdb

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DebugBreak
ReadFile
GetFileSize
CreateFileA
GetVersionExA
GetACP
GetLocaleInfoA
QueryPerformanceFrequency
QueryPerformanceCounter
lstrlenW
CompareStringA
CloseHandle
SetThreadPriority
CreateThread
GetTickCount
InterlockedExchange
GetLocalTime
GetLastError
CreateDirectoryA
Sleep
lstrlenA
SetEnvironmentVariableA
CompareStringW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetStdHandle
GetSystemInfo
GetCurrentThreadId
GetModuleFileNameA
LoadLibraryA
FreeLibrary
PostQueuedCompletionStatus
GetCurrentProcessId
InterlockedIncrement
CreateTimerQueueTimer
DeleteTimerQueueTimer
GlobalMemoryStatus
WideCharToMultiByte
CreateIoCompletionPort
GetQueuedCompletionStatus
WriteConsoleA
GetStdHandle
SetConsoleCtrlHandler
CreateSemaphoreA
GetProcAddress
GetCurrentProcess
WaitForSingleObject
SetUnhandledExceptionFilter
CreateEventA
SetEvent
GetUserDefaultLangID
TerminateThread
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpiA
GetWindowsDirectoryA
GetCurrentThread
IsDebuggerPresent
ExitProcess
InterlockedDecrement
OutputDebugStringA
ResetEvent
InitializeCriticalSection
MultiByteToWideChar
FlushFileBuffers
SetFilePointer
SetEndOfFile
WriteFile
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingA
MapViewOfFile
SleepEx
ResumeThread
SuspendThread
FlushInstructionCache
GetDriveTypeA
GetFullPathNameA
GetModuleHandleA
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
GetTimeZoneInformation
ExitThread
RaiseException
RtlUnwind
GetConsoleCP
GetConsoleMode
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetCurrentDirectoryA
GetCPInfo
GetOEMCP
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetConsoleOutputCP
WriteConsoleW

user32

LoadCursorA
GetDC
GetSystemMetrics
ReleaseDC
LoadIconA
BeginPaint
GetSysColor
IntersectRect
EndPaint
DrawIcon
InflateRect
SetRect
CopyRect
UnionRect
PtInRect
OffsetRect
SetCapture
SetCursor
ReleaseCapture
CreatePopupMenu
AppendMenuA
CheckMenuItem
GetCursorPos
ScreenToClient
TrackPopupMenu
MessageBoxA
LoadMenuA
SetTimer
GetSubMenu
GetMenu
ShowWindow
DefWindowProcA
RegisterClassA
CreateWindowExA
DestroyWindow
PostQuitMessage
UpdateWindow
GetClientRect
RedrawWindow
MoveWindow
DrawTextA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SendMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
IsWindow
PostMessageA
DestroyMenu
CharNextA

iphlpapi

GetAdaptersInfo
GetIpAddrTable

ws2_32

WSACreateEvent
closesocket
bind
setsockopt
WSAGetLastError
WSASocketA
ntohs
WSASendTo
htons
WSACloseEvent
WSARecvFrom
shutdown
WSAWaitForMultipleEvents
WSAResetEvent
WSAIoctl
WSARecv
WSAGetOverlappedResult
WSASetEvent
getsockname
connect
accept
getpeername
getsockopt
WSASend
listen
gethostbyname
inet_addr
socket
WSAStartup
WSACleanup
inet_ntoa

wininet

FtpDeleteFileA
InternetGetLastResponseInfoA
FtpSetCurrentDirectoryA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenA
FtpOpenFileA
InternetWriteFile

gdi32

MoveToEx
LineTo
Ellipse
SetPixel
GetNearestColor
Rectangle
TextOutA
SetTextAlign
GetDeviceCaps
CreateSolidBrush
CreatePen
SetTextColor
GetTextExtentPoint32A
CreateFontA
BitBlt
SetBkMode
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject

advapi32

RegOpenKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA

ole32

CoCreateGuid

odbc32

ord36
ord40
ord72
ord26
ord30
ord4
ord75
ord41
ord31
ord76
ord11
ord13
ord61
ord18
ord8
ord43
ord16
ord24

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 660KB - Virtual size: 658KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

db1fefbcd03ddca6eb3cacbc168bfc18

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

iphlpapi

ws2_32

wininet

gdi32

advapi32

ole32

odbc32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 660KB - Virtual size: 658KB

.data Size: 68KB - Virtual size: 384KB

.rsrc Size: 4KB - Virtual size: 176B

.text Size: 108KB - Virtual size: 108KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 660KB - Virtual size: 658KB

.data
Size: 68KB - Virtual size: 384KB

.rsrc
Size: 4KB - Virtual size: 176B

.text
Size: 108KB - Virtual size: 108KB