31e1d2ea374e76bac992cc59aa9c3210N[.]exe

General

Target

31e1d2ea374e76bac992cc59aa9c3210N.exe
Size

43KB
MD5

31e1d2ea374e76bac992cc59aa9c3210
SHA1

47b36b23c50f717773b6f050a1df8c6121985ddc
SHA256

e8e282e9b16cbb0c00ae7fbc6e37ad41a6c02a3eb46be082c1e0a33e0ea162ac
SHA512

3d4ff57980a04176d74e3beff964eb38cb99774ab71e448dc5bab8d943ec979d7a44f565990e4180cd74c0197e88815693c1e837bd35e650ba599537bb5d6dc7
SSDEEP

768:k6F9VR14LrEuTgD+JrRigiN0IvAbuTkV7g/fCAsKSlVc7:5fVR1SpxtxieIvA+Q7CfCAsKQVc7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31e1d2ea374e76bac992cc59aa9c3210N.exe

Files

31e1d2ea374e76bac992cc59aa9c3210N.exe
.dll windows:3 windows x86 arch:x86

d7a3c0adf7c08340a1835e10424147ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

crtdll

_stricmp
printf
_itoa
sprintf
vsprintf
rand
mbstowcs
srand

ntdll

NtClose

user32

CharToOemA

advapi32

RegOpenKeyExA
RegEnumKeyExA
OpenServiceA
QueryServiceStatus
OpenSCManagerA
GetSidLengthRequired
InitializeSid
CloseServiceHandle
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetSecurityDescriptorOwner
RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
GetLengthSid
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
GetSidSubAuthority

kernel32

ExpandEnvironmentStringsA
LocalFree
GetLastError
GetProcAddress
LoadLibraryA
WriteFileEx
LocalAlloc
CreateFileA
CreateThread
CreateMutexA
CreateEventA
CloseHandle
SetEvent
ConnectNamedPipe
ResetEvent
CreateNamedPipeA
ReadFileEx
ReleaseMutex
WaitForMultipleObjectsEx
WaitForSingleObjectEx
DisconnectNamedPipe
FlushFileBuffers
GetTickCount
LocalReAlloc
GetComputerNameA
GetSystemTime
WriteFile
WaitForSingleObject
Sleep

rasman

RasFreeBuffer
RasPortReceive
RasPortCancelReceive
RasGetFramingCapabilities
RasPortSetFramingEx
RasGetInfo
RasPortSend
RasGetBuffer

Exports

Exports

StartPPP
StopPPP

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7a3c0adf7c08340a1835e10424147ad

Headers

File Characteristics

Imports

crtdll

ntdll

user32

advapi32

kernel32

rasman

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 2KB - Virtual size: 1KB