2b576743df1e08910b079467549c54a0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2b576743df1e08910b079467549c54a0N.exe
Size

860KB
MD5

2b576743df1e08910b079467549c54a0
SHA1

762ae729fe5177afffa44b9a6025b8a774105ed0
SHA256

c927d8999c2a41aa71b373d92762b7252eebec8867de071ebeedea81e0fedfc8
SHA512

4b91ab39ee5f23c3ff6a48eb07f6a0acac31ddd7d41bfe95e80e1962298b3b67062d3ef2d1a468406de4fa7dde372ca279460b6a8e93081deadfa12ed1dff85a
SSDEEP

12288:feoowv+is08UHerNd7dCSBZI7QKAXbNtYXCOYuft:WKv+pxZd7dLI7QNhtQl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b576743df1e08910b079467549c54a0N.exe

Files

2b576743df1e08910b079467549c54a0N.exe
.exe windows:4 windows x86 arch:x86

6783d77dc632b13bf10164328c9d3db8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WORK2005\JMX_CommonServers\Tools\ServiceManager\SMC\SMC___Win32_Release_SR_VIETNAM\SMC.pdb

Imports

kernel32

GetThreadLocale
GetACP
GetVersionExA
GetLocaleInfoA
InterlockedExchange
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GlobalMemoryStatus
CompareStringA
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetCurrentDirectoryA
GetModuleFileNameA
GetTickCount
GetLocalTime
FindClose
FindNextFileA
lstrlenA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
FindFirstFileA
GetLastError
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
SetConsoleCtrlHandler
SetStdHandle
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
GetTimeZoneInformation
FatalAppExitA
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
MultiByteToWideChar
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
GlobalAlloc
GlobalLock
GlobalUnlock
WideCharToMultiByte
InterlockedDecrement
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetEvent
WaitForSingleObject
ResetEvent
CreateEventA
GetWindowsDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentThread
IsDebuggerPresent
ExitProcess
GetSystemInfo
ReleaseSemaphore
InitializeCriticalSection
FlushFileBuffers
SetFilePointer
SetEndOfFile
WriteFile
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingA
MapViewOfFile
CreateDirectoryA
SleepEx
FlushInstructionCache
SetThreadPriority
ResumeThread
SuspendThread
MulDiv
GetTimeFormatA
GetDateFormatA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetUserDefaultLangID
lstrcmpiA
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
ExitThread
CreateThread
RaiseException
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep

user32

EnableWindow
GetCursorPos
GetMenu
EnableMenuItem
DefWindowProcA
IsWindow
PostMessageA
SendMessageA
LoadMenuA
CreateWindowExA
GetMessageA
GetFocus
GetParent
GetNextDlgTabItem
GetAsyncKeyState
SetFocus
TranslateMessage
DispatchMessageA
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
SetDlgItemInt
EndDialog
GetDesktopWindow
CreateDialogParamA
DialogBoxParamA
PeekMessageA
AdjustWindowRect
RedrawWindow
GetClientRect
GetWindowRect
UpdateWindow
SetWindowPos
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
CharNextA
DrawTextA
GetSysColor
LoadCursorA
GetDC
GetSystemMetrics
ReleaseDC
BeginPaint
EndPaint
SetParent
PtInRect
MoveWindow
ShowWindow
GetWindowLongA
GetClassNameA
EnumChildWindows
PostQuitMessage
GetDlgItem
SetWindowTextA
GetWindowTextA
CreatePopupMenu
DestroyMenu
AppendMenuA
TrackPopupMenu
SetCapture
ReleaseCapture
SetCursor
RegisterClassA
DestroyWindow
MessageBoxA

advapi32

RegOpenKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyA

comctl32

InitCommonControlsEx

ws2_32

WSASend
closesocket
WSASocketA
WSAGetLastError
listen
shutdown
WSAIoctl
WSARecv
setsockopt
WSASendTo
WSARecvFrom
htons
connect
bind
getsockopt
WSACreateEvent
inet_ntoa
ntohs
gethostbyname
inet_addr
socket
WSAStartup
WSACleanup
ioctlsocket
WSACloseEvent
WSAResetEvent
WSAWaitForMultipleEvents
WSAGetOverlappedResult
WSASetEvent
getpeername
accept
getsockname

winmm

timeSetEvent
timeKillEvent

iphlpapi

GetAdaptersInfo

gdi32

RoundRect
Rectangle
BitBlt
MoveToEx
LineTo
Ellipse
GetStockObject
CreatePen
SelectObject
DeleteObject
CreateSolidBrush
GetDeviceCaps
CreateFontA
SetTextAlign
TextOutA
SetTextColor
SetBkColor
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
Polygon
GetTextExtentPoint32A

ole32

CoCreateGuid

Sections

.text
Size: 580KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6783d77dc632b13bf10164328c9d3db8

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

comctl32

ws2_32

winmm

iphlpapi

gdi32

ole32

Sections

.text Size: 580KB - Virtual size: 577KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 16KB - Virtual size: 292KB

.rsrc Size: 4KB - Virtual size: 912B

.rmnet Size: 60KB - Virtual size: 60KB

.text Size: 108KB - Virtual size: 108KB

.text
Size: 580KB - Virtual size: 577KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 16KB - Virtual size: 292KB

.rsrc
Size: 4KB - Virtual size: 912B

.rmnet
Size: 60KB - Virtual size: 60KB

.text
Size: 108KB - Virtual size: 108KB