D:\Asr_Src\Asr\AllCommand\Commands\Win32\Release\FileCpMv.pdb
Static task
static1
Behavioral task
behavioral1
Sample
8d02ea3af0c450c85a57f86b9c037f60N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
8d02ea3af0c450c85a57f86b9c037f60N.exe
Resource
win10v2004-20240802-en
General
Target: 8d02ea3af0c450c85a57f86b9c037f60N.exe
Size: 245KB
MD5: 8d02ea3af0c450c85a57f86b9c037f60
SHA1: 3940faffc9a413c9c842733bf6464359217f3871
SHA256: 99e6d0fbdadaf29003937680cba34c1657aadf6a48c0cf390473cc94700cc46d
SHA512: d78969f3df135798a3de97e6d78945648bacd50cd76092b76e365163efa845bf72e956267b0fc7fb17df188743d894f9e4672216613b1f6fb1470670284fd5be
SSDEEP: 6144:iusw1S3CBGx1E2Pq9nnQkhrl/C+kPeXo9ck:iusw1S3CBGx1E4q9npUC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8d02ea3af0c450c85a57f86b9c037f60N.exe
Files
8d02ea3af0c450c85a57f86b9c037f60N.exe.exe windows:6 windows x86 arch:x86
9f93aa4082883edcb4d5e171efc56228
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc140u
kernel32
CreateFileW
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
LocalFree
SetFileAttributesW
GetFileSizeEx
GetSystemDirectoryW
RemoveDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
CompareFileTime
GetLongPathNameW
GetShortPathNameW
CreateProcessW
FindFirstFileW
FindFirstFileExW
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
CreateMutexW
GetTickCount
GetModuleHandleW
InitializeCriticalSectionEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
WideCharToMultiByte
OpenMutexW
GetTickCount64
GetCurrentProcessId
FileTimeToLocalFileTime
FileTimeToSystemTime
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
MapViewOfFile
GetCurrentThreadId
GetSystemTimeAsFileTime
GetFileAttributesW
CreateFileMappingW
CloseHandle
OutputDebugStringW
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
FindClose
UnmapViewOfFile
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FindNextFileW
user32
PostMessageW
SendMessageW
IsWindow
FindWindowW
EnableWindow
SetCursorPos
SetForegroundWindow
IsMenu
SystemParametersInfoW
CreatePopupMenu
AppendMenuW
GetMonitorInfoW
DispatchMessageW
SetWindowPos
GetWindowRect
MonitorFromWindow
GetKeyState
OpenClipboard
GetSystemMetrics
SetClipboardData
CloseClipboard
GetClipboardData
GetForegroundWindow
AttachThreadInput
PeekMessageW
GetClientRect
GetDC
ReleaseDC
TranslateMessage
GetWindowTextW
MessageBoxW
IsWindowVisible
GetWindowThreadProcessId
WaitForInputIdle
GetDesktopWindow
FindWindowExW
wsprintfW
ShowWindow
KillTimer
EmptyClipboard
SetTimer
GetActiveWindow
GetDlgCtrlID
GetClassNameW
SetMenuItemInfoW
LoadStringW
GetMenuItemCount
DrawTextW
gdi32
GetTextExtentPoint32W
DeleteObject
advapi32
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
GetUserNameW
shell32
SHCreateItemFromParsingName
ord165
DragQueryFileW
SHBrowseForFolderW
SHChangeNotify
ShellExecuteExW
SHGetPathFromIDListEx
SHGetFileInfoW
ord71
SHGetSpecialFolderPathW
ord155
SHBindToParent
ord190
DragAcceptFiles
comctl32
InitCommonControlsEx
shlwapi
StrCpyW
PathIsRootW
PathFileExistsW
StrCmpW
StrStrIW
StrCmpLogicalW
StrCmpIW
ole32
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
msvcp140
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
vcruntime140
__current_exception
memmove
_CxxThrowException
__CxxFrameHandler3
__std_terminate
__std_exception_copy
__std_exception_destroy
wcschr
memset
__current_exception_context
_except_handler4_common
memcpy
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
__p___wargv
_seh_filter_exe
_controlfp_s
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
__p___argc
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_app_type
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
api-ms-win-crt-stdio-l1-1-0
_wsopen_s
__p__commode
_set_fmode
__stdio_common_vswscanf
fgetws
_filelength
_read
_close
fclose
_wfsopen
fwrite
_wfopen_s
fputws
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
malloc
_recalloc
calloc
api-ms-win-crt-string-l1-1-0
isalpha
_wcsnicmp
wcscpy_s
isspace
_wcsicmp
isdigit
isxdigit
api-ms-win-crt-convert-l1-1-0
_wtoi
_wtoi64
wcstod
wcstol
api-ms-win-crt-utility-l1-1-0
srand
rand
api-ms-win-crt-time-l1-1-0
_time64
wcsftime
_localtime64_s
api-ms-win-crt-filesystem-l1-1-0
_wfullpath
_wrename
api-ms-win-crt-locale-l1-1-0
_wsetlocale
_configthreadlocale
api-ms-win-crt-math-l1-1-0
_CIfmod
ceil
__setusermatherr
Sections
.text Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ