30dd027ae947870fb17276fbe8ee04e0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

30dd027ae947870fb17276fbe8ee04e0N.exe
Size

880KB
MD5

30dd027ae947870fb17276fbe8ee04e0
SHA1

abea529b101067c66568cc4cf8eb1e4374339c2f
SHA256

d03699749e3dd63470e5e6a8dc8a6bb9d0277f02305bbe8eded3eeb43a1a370c
SHA512

0648fb3c08a4a6ed5bfe6a3a2336298b931f479dd5e32426d3c3d00f9940f8a430d691de3cbe97d6611b0f79e651d43af01d04092a4e535b584b6f6ceade579f
SSDEEP

6144:0IjNdYjf4cPFv29GfwC3JfOdSpVaVcjp7TqlXpKbU5SCWrKz4Xy8srmzIxk44IDB:HY/9viAJKSpVTqlZK8SC6Wd/rmzIx3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30dd027ae947870fb17276fbe8ee04e0N.exe

Files

30dd027ae947870fb17276fbe8ee04e0N.exe
.exe windows:4 windows x86 arch:x86

a03cdc8bc05e798705dcc541536ac2ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WORK2005\BinOut\FarmManager.pdb

Imports

kernel32

lstrlenA
GlobalMemoryStatus
Sleep
GetTickCount
GetLocalTime
DeleteCriticalSection
LeaveCriticalSection
CreateTimerQueueTimer
DeleteTimerQueueTimer
EnterCriticalSection
InterlockedIncrement
FreeLibrary
PostQueuedCompletionStatus
CreateFileA
GetFileSize
ReadFile
CloseHandle
CompareStringA
GetSystemInfo
GetCurrentThreadId
GetModuleFileNameA
LoadLibraryA
GetCurrentProcessId
Process32Next
CreateToolhelp32Snapshot
Process32First
DebugBreak
CreateEventA
CreateThread
SetEvent
WaitForSingleObject
GetProcAddress
GetCurrentProcess
GetLastError
SetUnhandledExceptionFilter
GetQueuedCompletionStatus
CreateIoCompletionPort
SetConsoleTextAttribute
WriteConsoleA
AllocConsole
GetConsoleWindow
GetStdHandle
SetConsoleCtrlHandler
SetConsoleMode
WideCharToMultiByte
CreateSemaphoreA
GetUserDefaultLangID
MulDiv
GetTimeFormatA
GetDateFormatA
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcmpiA
QueryPerformanceCounter
ResumeThread
SuspendThread
OutputDebugStringA
QueryPerformanceFrequency
GetWindowsDirectoryA
GetCurrentThread
IsDebuggerPresent
ExitProcess
ResetEvent
InterlockedDecrement
ReleaseSemaphore
InitializeCriticalSection
lstrcpynA
MultiByteToWideChar
FlushFileBuffers
SetFilePointer
SetEndOfFile
WriteFile
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingA
MapViewOfFile
CreateDirectoryA
SleepEx
SetThreadPriority
FlushInstructionCache
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetSystemTimeAsFileTime
ExitThread
TerminateProcess
UnhandledExceptionFilter
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
GetCPInfo
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
FatalAppExitA
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
GetThreadLocale
GetACP
InterlockedExchange
TerminateThread
GetVersionExA

ws2_32

WSACreateEvent
WSACleanup
recvfrom
WSASetEvent
WSAGetOverlappedResult
WSAWaitForMultipleEvents
WSAResetEvent
WSACloseEvent
ntohs
inet_ntoa
WSASendTo
WSARecvFrom
WSASend
getsockopt
getpeername
accept
connect
getsockname
WSAGetLastError
setsockopt
WSARecv
WSAIoctl
shutdown
listen
WSASocketA
sendto
socket
bind
htons
gethostbyname
inet_addr
closesocket
WSAStartup

iphlpapi

GetAdaptersInfo
GetIpAddrTable

user32

SetForegroundWindow
SendMessageA
MessageBoxA
PtInRect
OffsetRect
GetDC
SetCapture
SetCursor
ReleaseCapture
GetSystemMetrics
CreatePopupMenu
AppendMenuA
ReleaseDC
CheckMenuItem
LoadIconA
GetCursorPos
ScreenToClient
TrackPopupMenu
BeginPaint
DestroyMenu
GetSysColor
IntersectRect
EndPaint
DrawIcon
InflateRect
SetRect
LoadCursorA
CopyRect
UnionRect
GetParent
RedrawWindow
AdjustWindowRect
GetWindowLongA
MoveWindow
DefWindowProcA
RegisterClassA
CreateWindowExA
DestroyWindow
PostQuitMessage
SetWindowPos
ShowWindow
UpdateWindow
GetWindowRect
GetClientRect
LoadMenuA
SetTimer
GetSubMenu
GetMenu
DrawTextA
CharNextA
GetWindowTextA
GetClassNameA
EnumChildWindows
EnableWindow
GetDlgItem
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
EndDialog
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
DialogBoxParamA
CreateDialogParamA
GetDesktopWindow
SetWindowTextA
TranslateMessage
PeekMessageA
DispatchMessageA
IsWindow
PostMessageA

gdi32

DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
DeleteObject
GetNearestColor
SetPixel
GetStockObject
Ellipse
LineTo
MoveToEx
RoundRect
Rectangle
SetBkColor
TextOutA
SetTextAlign
GetDeviceCaps
CreateSolidBrush
CreatePen
SetTextColor
GetTextExtentPoint32A
BitBlt
SetBkMode

advapi32

StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegisterEventSourceA
DeregisterEventSource
OpenSCManagerA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegCreateKeyA
ReportEventA
DeleteService
ControlService
OpenServiceA
CloseServiceHandle
CreateServiceA

ole32

CoCreateGuid

Sections

.text
Size: 748KB - Virtual size: 747KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a03cdc8bc05e798705dcc541536ac2ef

Headers

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

iphlpapi

user32

gdi32

advapi32

ole32

Sections

.text Size: 748KB - Virtual size: 747KB

.rdata Size: 108KB - Virtual size: 106KB

.data Size: 16KB - Virtual size: 294KB

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 748KB - Virtual size: 747KB

.rdata
Size: 108KB - Virtual size: 106KB

.data
Size: 16KB - Virtual size: 294KB

.rsrc
Size: 4KB - Virtual size: 176B