PDB path: e:\Work\PlatformDev\_tag\China\20121031_NGM\NGM\NGM\Release\NGM.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 4a5782a7825dd004b8e8e5e8338d8d30N.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 4a5782a7825dd004b8e8e5e8338d8d30N.exe
  Resource: win10v2004-20240802-en
General
Target: 4a5782a7825dd004b8e8e5e8338d8d30N.exe
Size: 152KB
MD5: 4a5782a7825dd004b8e8e5e8338d8d30
SHA1: 4fa94829525d4f0fdb2c030fc9b2d56da99a4e9c
SHA256: e24f141a3ac276ddd5fa5c585b7dde0b08bae71292790a14d334fac481e77cad
SHA512: a45503ed6c7fc4f918a1de4e7a6586a06811e16e4fe7ffd298b1df60b970736259b9205876543a49cef96a9221c435cb6dd1327ce79603713416553142d1b99e
SSDEEP: 3072:uZm5TWg259EDfLAUjFXxofkP3qYTtTfBgCanzQTBfvVg2Zt/:uZm5qgeynNpXxx3qufKVnzQTBn7b
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 4a5782a7825dd004b8e8e5e8338d8d30N.exe
Files
4a5782a7825dd004b8e8e5e8338d8d30N.exe.exe windows:4 windows x86 arch:x86
da52c5d05cdebd728ad0ac73ac2f3497
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
LockResource
LoadResource
FindResourceA
FindResourceExA
GetProcessHeap
HeapAlloc
HeapFree
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
WaitForSingleObject
lstrlenA
WideCharToMultiByte
HeapReAlloc
CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
MoveFileA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
ReadFile
SizeofResource
RaiseException
GetVersion
CreateDirectoryA
FindClose
FindFirstFileA
SetEndOfFile
SetStdHandle
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
LocalFree
GetLastError
LocalAlloc
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
MultiByteToWideChar
InterlockedExchange
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetFilePointer
FlushFileBuffers
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
IsBadWritePtr
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapDestroy
HeapSize
ExitProcess
RtlUnwind
GetModuleHandleA
TerminateProcess
GetCurrentProcess
VirtualProtect
user32
MessageBoxA
advapi32
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
FreeSid
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
shell32
SHGetSpecialFolderPathA
shlwapi
PathRemoveFileSpecA
PathFileExistsA
ws2_32
WSACloseEvent
WSASetLastError
ntohs
getservbyport
gethostbyaddr
htons
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
WSAEnumNetworkEvents
WSAConnect
WSAGetOverlappedResult
WSASend
WSAResetEvent
WSARecv
WSAEventSelect
WSASetEvent
WSACreateEvent
WSAStartup
closesocket
WSASocketA
WSACleanup
getservbyname
wininet
InternetSetFilePointer
InternetQueryDataAvailable
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetGetLastResponseInfoA
InternetOpenA
InternetReadFile
InternetConnectA
HttpQueryInfoA
Sections
.text Size: 112KB - Virtual size: 109KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE