35a4f26e7e9268ee650169250716a8afbf3ee3ded6251ca99c976181ed58d251[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

35a4f26e7e9268ee650169250716a8afbf3ee3ded6251ca99c976181ed58d251.exe
Size

41KB
MD5

6c583bfeb1ad04fd597bc88e9d1e1fc5
SHA1

2bcbd8dae47d96e34180f097efa0e3970d3fb659
SHA256

35a4f26e7e9268ee650169250716a8afbf3ee3ded6251ca99c976181ed58d251
SHA512

2d802ec961bef97573e2d78fd8695e4c70f15dce88bfa96dfc59d39cc0f6cbcb471c7170ba7df08daa9e867787d54f78f472f22c4770b089dba0efa1ca358123
SSDEEP

768:EHaFknubRem6Wrv4YXr1gIg8qgLPNKRNOeTtD7KLlPLtBiCQRaTQUOX:Elsem6Wr3W7NWPNTKtyJPLb0UO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35a4f26e7e9268ee650169250716a8afbf3ee3ded6251ca99c976181ed58d251.exe

Files

35a4f26e7e9268ee650169250716a8afbf3ee3ded6251ca99c976181ed58d251.exe
.exe windows:10 windows x86 arch:x86

1ce24f8d171d420dcf77580404df2579

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rasphone.pdb

Imports

advapi32

RegCloseKey
RegSetValueExW
RegDeleteKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken

kernel32

GetModuleFileNameW
DeactivateActCtx
CompareStringW
FreeLibrary
LoadLibraryExW
GetPrivateProfileStringW
ActivateActCtx
FormatMessageW
CreateActCtxW
GetModuleHandleW
GetProcAddress
HeapSetInformation
lstrlenA
ReleaseActCtx
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetLastError
CloseHandle
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
GlobalAlloc
GlobalFree
LocalFree
GlobalReAlloc

msvcrt

__argv
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__p__fmode
__argc
__setusermatherr
_initterm
_acmdln
?terminate@@YAXXZ
_controlfp
_except_handler4_common
_ismbblead
memset

rtutils

TraceDeregisterExA
TracePrintfExA
TraceRegisterExA

ntdll

NtQueryInformationToken
_vsnwprintf
_wtol

user32

CharNextW
CharPrevW
LoadStringW
MessageBoxW

rpcrt4

I_RpcExceptionFilter

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ce24f8d171d420dcf77580404df2579

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

rtutils

ntdll

user32

rpcrt4

Sections

.text Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 12KB