1d9699f9e7fbb61ffa5548f67e2ade20N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1d9699f9e7fbb61ffa5548f67e2ade20N.exe
Size

3.7MB
MD5

1d9699f9e7fbb61ffa5548f67e2ade20
SHA1

83af89e622a2568a657edab618b70cb319324190
SHA256

3785c9043bf824a824a018bf82dfd6755b7bdedf50ed02798144c53aef9501e6
SHA512

d9ee2de33245d350b598dc5741d8e0565d55f2d3a1789df0a7f7796f5942cd3beb311d36e74dc0b7a56944b3fd0582d88746984e480749d7a848c0b6499a0b93
SSDEEP

49152:Iqegy8VzQAv1KawEDAyGx0nYScwE2wNld+XA4wTWPp/LCkSwBbkojqgp:Y8VzzeETY0YScSwJoA4rW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d9699f9e7fbb61ffa5548f67e2ade20N.exe

Files

1d9699f9e7fbb61ffa5548f67e2ade20N.exe
.exe windows:4 windows x86 arch:x86

6a256be6309119079726edcf7a7c1db4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

ws2_32

recv
getservbyname
select
__WSAFDIsSet
shutdown
recvfrom
getsockname
bind
sendto
WSASocketA
accept
listen
WSAIoctl
WSAEventSelect
ioctlsocket
WSAAsyncSelect
WSAStartup
WSACleanup
socket
htonl
inet_addr
gethostname
connect
send
closesocket
inet_ntoa
setsockopt
WSCGetProviderPath
WSCEnumProtocols
ntohs
getservbyport
gethostbyaddr
gethostbyname
WSAGetLastError
WSASetLastError
htons

kernel32

GetSystemDirectoryW
GetTempPathA
GetModuleHandleA
DeleteFileW
CreateProcessW
Process32Next
Process32First
CreateToolhelp32Snapshot
GetLogicalDriveStringsA
VerifyVersionInfoA
VerSetConditionMask
GetVersionExA
GetCurrentProcess
GetTempPathW
TerminateProcess
OpenProcess
CopyFileW
lstrlenW
CreateThread
GetCurrentThreadId
GetCurrentThread
SetCurrentDirectoryW
lstrcmpiA
GetCurrentDirectoryA
GetCommandLineA
lstrcatA
GetModuleFileNameA
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
Process32NextW
Process32FirstW
FreeConsole
WriteConsoleInputA
GetStdHandle
SetFileAttributesW
GetSystemInfo
FormatMessageA
GetFileSize
WaitForMultipleObjects
WaitForSingleObject
PulseEvent
ResumeThread
InitializeCriticalSection
SetThreadAffinityMask
SetThreadPriority
GetThreadPriority
CreateSemaphoreA
ReleaseSemaphore
CreateMutexA
ReleaseMutex
CreateFileW
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetWindowsDirectoryW
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
ExpandEnvironmentStringsA
CreateDirectoryA
SetEvent
Sleep
LocalAlloc
CreateEventA
ResetEvent
LocalFree
GetWindowsDirectoryA
GetSystemDirectoryA
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
CloseHandle
GetTickCount
GetCurrentProcessId
InterlockedIncrement
lstrcpyA
MultiByteToWideChar
SetCurrentDirectoryA
lstrlenA
InterlockedDecrement
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
SetEndOfFile
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindNextFileA
FindFirstFileA
FindClose
GlobalMemoryStatus
QueryPerformanceCounter
FlushConsoleInputBuffer
GetLocalTime
GetSystemTime
GetDateFormatA
GetTimeFormatA
DeviceIoControl
CreateFileA
ExpandEnvironmentStringsW
LoadLibraryW
SetLastError
GetCPInfo
DeleteCriticalSection
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetEnvironmentVariableA
SetFilePointer
GetFileType
SetHandleCount
ReadFile
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
WriteFile
HeapSize
FatalAppExitA
HeapReAlloc
ExitProcess
GetVersion
GetStartupInfoA
HeapAlloc
HeapFree
RaiseException
RtlUnwind
InterlockedExchange
DeleteFileA
SystemTimeToFileTime
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
SetFileAttributesA
GetFileAttributesA
WriteConsoleA
GetFullPathNameA
TerminateThread

user32

DispatchMessageA
PeekMessageA
CreateDesktopA
LoadStringA
MessageBoxA
GetDesktopWindow
GetUserObjectInformationW
SetProcessWindowStation
CharNextA
MsgWaitForMultipleObjectsEx
DefWindowProcA
RegisterClassA
UnregisterClassA
DestroyWindow
CreateWindowExA
PostMessageA
GetMessageA
TranslateMessage
KillTimer
SetTimer
SetThreadDesktop
GetProcessWindowStation
PostThreadMessageA

advapi32

RegOpenKeyExW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
AllocateAndInitializeSid
RegSetValueExA
RegCloseKey
RegCreateKeyA
StartServiceA
LookupPrivilegeValueA
RegisterEventSourceA
AdjustTokenPrivileges
StartServiceCtrlDispatcherA
RegDeleteKeyA
QueryServiceStatusEx
ChangeServiceConfigW
DeleteService
CreateServiceW
ChangeServiceConfig2A
RegCreateKeyExA
RegDeleteValueA
OpenThreadToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
SetServiceStatus
RegisterServiceCtrlHandlerW
RegisterEventSourceW
ReportEventA
DeregisterEventSource
OpenServiceW
GetSecurityDescriptorLength
ConvertStringSecurityDescriptorToSecurityDescriptorW
ControlService
ChangeServiceConfigA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceConfigW
OpenProcessToken
GetTokenInformation
RegEnumKeyA
ConvertStringSidToSidA
LookupAccountSidW
RegOpenKeyA
RegEnumKeyExA
RegQueryValueExW
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
SetNamedSecurityInfoA

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoCreateFreeThreadedMarshaler
ProgIDFromCLSID
CoTaskMemFree

oleaut32

GetErrorInfo
VariantClear
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
VariantInit
SysAllocStringLen
CreateErrorInfo
SetErrorInfo
SysStringLen
SysAllocString
SysFreeString
VariantChangeType

secur32

GetUserNameExW

iphlpapi

GetAdaptersInfo

crypt32

CertOpenSystemStoreA
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertCreateCertificateContext
CertNameToStrA
CertEnumCRLsInStore

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC
CreateDCA

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 436KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a256be6309119079726edcf7a7c1db4

Headers

File Characteristics

Imports

version

psapi

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

secur32

iphlpapi

crypt32

gdi32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 436KB - Virtual size: 432KB

.data Size: 132KB - Virtual size: 156KB

.idata Size: 12KB - Virtual size: 11KB

.rsrc Size: 76KB - Virtual size: 73KB

.reloc Size: 124KB - Virtual size: 120KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 436KB - Virtual size: 432KB

.data
Size: 132KB - Virtual size: 156KB

.idata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 76KB - Virtual size: 73KB

.reloc
Size: 124KB - Virtual size: 120KB