73044ce13bcbc4e899b9f8f658653540N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

73044ce13bcbc4e899b9f8f658653540N.exe
Size

608KB
MD5

73044ce13bcbc4e899b9f8f658653540
SHA1

50ab1f9066b6a1096d608cf0725ed2a7ea3d7dc9
SHA256

d25c497050dffab5e85fad4f36c3b27868c14274959baa82f0a3ece2bef328e3
SHA512

f8edf9b10bf851ef11aca9b6ab7c66e9e784458822da67ae1245e2e478455b6a4b08feb9878ec5b5be30372c012587172445b0b709984f502d09e35e51feb3c3
SSDEEP

12288:FV6YHqSlF3NYXI9C04A3C9gOKSRvnHJOLRmSjA:OYHqSlBNYXpbA3C9fDvnHFS0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73044ce13bcbc4e899b9f8f658653540N.exe

Files

73044ce13bcbc4e899b9f8f658653540N.exe
.dll windows:4 windows x86 arch:x86

92af373dacb57b645d637217aaabc4ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GlobalMemoryStatusEx
GetSystemInfo
GetShortPathNameA
ExpandEnvironmentStringsA
MoveFileExA
GetTempFileNameA
OpenEventA
CreateMutexA
SetErrorMode
Process32Next
Process32First
CreateToolhelp32Snapshot
GetEnvironmentVariableA
FileTimeToSystemTime
FileTimeToLocalFileTime
WinExec
lstrcmpiA
GetCurrentThreadId
Module32Next
Module32First
lstrlenW
InterlockedDecrement
AreFileApisANSI
CreateFileW
CreateFileMappingA
CreateFileMappingW
CreateMutexW
DeleteFileW
GetVersion
FormatMessageA
FormatMessageW
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
DisconnectNamedPipe
GetVersionExW
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
LoadLibraryW
LockFile
LockFileEx
MapViewOfFile
QueryPerformanceCounter
SetEndOfFile
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
OutputDebugStringW
InterlockedCompareExchange
CreatePipe
DeviceIoControl
GetStartupInfoA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcess
ExitProcess
CopyFileA
SetFileAttributesA
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetModuleHandleA
GetLocalTime
SetLastError
GetModuleFileNameA
MoveFileA
WriteFile
SetFilePointer
ReadFile
GetFileTime
GetFileSize
RemoveDirectoryA
LocalAlloc
CreateEventA
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GlobalFree
LocalSize
GetProcessHeap
HeapAlloc
HeapFree
GetExitCodeThread
ExitThread
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetTempPathW
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
CreateFileA
SetFileTime
DeleteFileA
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
CancelIo
lstrcpyA
ResetEvent
OutputDebugStringA
WideCharToMultiByte
InterlockedExchange
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
Sleep
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
FlushFileBuffers

user32

GetProcessWindowStation
wsprintfW
GetWindowLongA
CloseWindowStation
SetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
GetCursorInfo
GetCursorPos
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
GetClientRect
ReleaseDC
GetDC
wsprintfA
CharNextA
SetRect
CreateDesktopA
GetKeyNameTextA
ToAscii
MapVirtualKeyA
GetKeyboardState
GetKeyState
PostQuitMessage
EndPaint
BeginPaint
GetWindowTextA
GetForegroundWindow
DefWindowProcA
UpdateWindow
ShowWindow
RegisterClassExA
LoadCursorA
LoadIconA
DestroyWindow
FindWindowA
MessageBoxA
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
IsWindow
SendMessageA
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
ExitWindowsEx
GetDesktopWindow
SetTimer
PostMessageA
GetSystemMetrics
GetClipboardData
OpenClipboard
GetAsyncKeyState
KillTimer
EmptyClipboard
SystemParametersInfoA
DestroyCursor
RegisterClassA
SetClipboardData
CloseClipboard
SetCursorPos
mouse_event
BlockInput
GetWindowTextLengthA
keybd_event
CloseDesktop

gdi32

TextOutA
SelectObject
GetDIBits
DeleteObject
CreateCompatibleDC
GetObjectA
BitBlt
GetStockObject
CreateDIBSection
DeleteDC
CreateCompatibleBitmap

advapi32

RegSaveKeyA
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
CreateProcessAsUserA
RegCreateKeyExA
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
AbortSystemShutdownA
OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
SetEntriesInAclA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegCreateKeyA
RegSetValueExA
RegCloseKey
StartServiceA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegRestoreKeyA
EnumServicesStatusA
QueryServiceConfigA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
LookupAccountSidA
GetTokenInformation
SetTokenInformation
DuplicateTokenEx
AllocateAndInitializeSid

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoInitializeEx

oleaut32

SafeArrayGetUBound
SafeArrayGetElement
SysAllocString
SafeArrayGetLBound
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
SafeArrayDestroy

shlwapi

SHSetValueA
SHDeleteKeyA

msvcrt

_msize
_stricmp
_strlwr
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
fputc
_errno
_fdopen
_beginthreadex
fputs
sprintf
perror
calloc
fgets
printf
_iob
fprintf
localtime
strncmp
_CxxThrowException
_strcmpi
_fileno
_setmode
_strnicmp
wcschr
wcslen
wcscpy
strtoul
realloc
strncat
atoi
_snprintf
_mbscmp
fseek
ftell
fread
wcsstr
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
rand
__CxxFrameHandler
memmove
ceil
_ftol
strlen
strstr
memcmp
srand
time
strchr
malloc
strcpy
strcmp
free
_except_handler3
strcat
strncpy
strrchr
fclose
fwrite
fopen
wcscmp
wcscat

winmm

waveOutReset
waveOutUnprepareHeader
waveInUnprepareHeader
waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveOutClose
waveInClose
waveInPrepareHeader
waveInOpen
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInGetNumDevs

ws2_32

recv
inet_ntoa
getsockname
gethostname
ioctlsocket
inet_addr
send
select
closesocket
WSAStartup
ntohs
socket
gethostbyname
htons
connect
WSAGetLastError
setsockopt
WSAIoctl
WSACleanup

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

gdiplus

GdipFree
GdipLoadImageFromFileICM
GdiplusStartup
GdiplusShutdown
GdipLoadImageFromFile
GdipAlloc
GdipGetImageEncoders
GdipDisposeImage
GdipCloneImage
GdipSaveImageToFile
GdipGetImageEncodersSize

iphlpapi

GetAdaptersInfo

dinput8

DirectInput8Create

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

ICSendMessage
ICClose
ICOpen
ICSeqCompressFrameStart
ICSeqCompressFrameEnd
ICCompressorFree

crypt32

CryptUnprotectData

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationA

userenv

CreateEnvironmentBlock

Exports

Exports

ODBC2
Test

Sections

.text
Size: 503KB - Virtual size: 503KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92af373dacb57b645d637217aaabc4ff

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcrt

winmm

ws2_32

msvcp60

gdiplus

iphlpapi

dinput8

wininet

avicap32

msvfw32

crypt32

psapi

wtsapi32

userenv

Exports

Exports

Sections

.text Size: 503KB - Virtual size: 503KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 47KB - Virtual size: 52KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 503KB - Virtual size: 503KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 47KB - Virtual size: 52KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 18KB