4beb1fd63bb52638c4c8ab0d85886270N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4beb1fd63bb52638c4c8ab0d85886270N.exe
Size

83KB
MD5

4beb1fd63bb52638c4c8ab0d85886270
SHA1

bdb31dc0eb42177b34da4546dcbbf3863b2c4c8e
SHA256

2bcc77ce7096da0d9b4881efa04042a1755e505562796fa894f92f9fd81b7f6c
SHA512

d2bc20ca150d7b4e3d7bccaefe7954d1b52e2f624347f286faae66d3335ea85227f5c1a61f1a8b9cec797251953489d253b25869b9f05f02af2810416d34af01
SSDEEP

1536:wMsQYTo4K0z9GQZiU6N0+73R5yE7lXRp+0z/y:Kfvhid0+z7t3y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4beb1fd63bb52638c4c8ab0d85886270N.exe

Files

4beb1fd63bb52638c4c8ab0d85886270N.exe
.exe windows:5 windows x86 arch:x86

25c4ebd3f4929ce1cecc64d7eec8628c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

CreateDIBPatternBrushPt

kernel32

SetThreadAffinityMask
SetTapePosition
SetSystemPowerState
AllocConsole
WritePrivateProfileStructA
DeleteFileA
GetPrivateProfileSectionNamesW
lstrlenA
GetStringTypeExA
SetEnvironmentVariableW
FindNextFileA
FreeLibraryAndExitThread
DecodeSystemPointer
EnumCalendarInfoExW
GetSystemWindowsDirectoryW
ResetEvent
GetStartupInfoW
IsBadWritePtr
ReadConsoleW
GetCalendarInfoA
ReadConsoleA
GetQueuedCompletionStatus
TerminateThread
FindAtomA
LockResource
RemoveVectoredExceptionHandler
GetConsoleCP
CreateDirectoryW
SetCommBreak
FindFirstVolumeA
GetCommandLineA
WideCharToMultiByte
SetEnvironmentVariableA
VerifyVersionInfoA
SetFileShortNameA
GetVolumeInformationW
GetSystemPowerStatus
CopyFileW
GlobalHandle
VirtualProtectEx
GetConsoleFontSize
lstrcpyA
VirtualFree
FindAtomW
GetGeoInfoW
WriteConsoleOutputCharacterW
GetBinaryTypeW
WritePrivateProfileStringA
CreateIoCompletionPort
DebugBreakProcess
SetupComm
LoadLibraryW
ExitProcess
ReleaseActCtx

user32

LoadCursorW
CreateMDIWindowW
InSendMessageEx
RegisterWindowMessageW

msvcrt

strncpy
ungetwc
memcmp
towlower
free
atol
sin
fgetpos
calloc

oleaut32

VarR8FromBool
VarUI2FromI4

shell32

ord180
SHInvokePrinterCommandW

setupapi

SetupGetLineTextA

mprapi

MprAdminInterfaceUpdatePhonebookInfo

clusapi

SetClusterResourceName
RemoveClusterResourceNode

esent

JetRestore2

pdh

PdhGetLogFileSize
PdhRemoveCounter
PdhLookupPerfNameByIndexW

urlmon

URLDownloadToFileA
SetSoftwareUpdateAdvertisementState
CreateURLMonikerEx
CoInternetGetSecurityUrl
FaultInIEFeature

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25c4ebd3f4929ce1cecc64d7eec8628c

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

user32

msvcrt

oleaut32

shell32

setupapi

mprapi

clusapi

esent

pdh

urlmon

Sections

.text Size: 75KB - Virtual size: 74KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 1000B

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 1000B