f48ee1e1330cb00fd6ce318d6ce49bc0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f48ee1e1330cb00fd6ce318d6ce49bc0N.exe
Size

204KB
MD5

f48ee1e1330cb00fd6ce318d6ce49bc0
SHA1

5f1359e70944007bc84bd1a0737d00ad07521dbb
SHA256

beabed7a594bd955ee9f1b17bdd1a5c7be1e35ba29d50df6c649e87591b3af31
SHA512

5b967fec5d9992152259d31bbd817e15e0398d9fb1ee6aa6d1286c65ec4c4057c1d48858f6df406ecbf9d22a62c476e396467a0ef667584db0043632c74b38d7
SSDEEP

1536:w3fH7NX3rli/ga4ip/ri/RZ/deOLnDBPzCVRTQ/4nQYN:wvV3rZWpMjnDxCvTQ/yn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f48ee1e1330cb00fd6ce318d6ce49bc0N.exe

Files

f48ee1e1330cb00fd6ce318d6ce49bc0N.exe
.dll regsvr32 windows:4 windows x86 arch:x86

11ea06292003238e659cbc760a5f0a52

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenA
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
MultiByteToWideChar
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
OutputDebugStringA
GetLocalTime
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
CloseHandle
WaitForSingleObject
Sleep
GetLastError
LocalFree

user32

GetWindowLongA
DefWindowProcA
RegisterClassA
CreateWindowExA
SetWindowLongA
PostMessageA
DestroyWindow
CharNextA

ole32

CoCreateInstance

oleaut32

SystemTimeToVariantTime
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
VariantTimeToSystemTime
SysStringLen
LoadRegTypeLi
RegisterTypeLi
SysAllocString
LoadTypeLi
SysFreeString
SetErrorInfo
GetErrorInfo
CreateErrorInfo

metadatasocketlib

?SendMetaDataMessage@CMetaDataSocketClient@@QAE_NPAUMETADATAMESSAGE@@@Z
?IsConnected@CMetaDataSocketClient@@QAE_NXZ
?Connect@CMetaDataSocketClient@@QAE_NPBDI@Z
?GetEvent@CMetaDataSocketClient@@QAEPAUMETADATAMESSAGE@@H@Z
?CloseClient@CMetaDataSocketClient@@QAEXXZ
??1CMetaDataSocketClient@@UAE@XZ
??0CMetaDataSocketClient@@QAE@XZ
?OnDataArrive@CMetaDataSocketClient@@EAEXPADH@Z
?OnClose@CMetaDataSocketClient@@EAEXXZ

metadatadll

??1CMetaData@@UAE@XZ
??0CMetaData@@QAE@PBD0@Z
??0CMetaDataStorage@@QAE@XZ
??1CMetaDataStorage@@UAE@XZ
??0CMetaData@@QAE@PBDABVDataStorageRoot@@@Z
??0CMetaData@@QAE@PBDABU_SYSTEMTIME@@@Z
??0CMetaData@@QAE@PBDN@Z
?getstring@CMetaData@@QBEPADXZ
?getlong@CMetaData@@QBEJXZ
?getdatatype@CMetaData@@QAE?AW4DATATYPE@@XZ
?Dump@CMetaDataStorage@@QAEXPBDPADH@Z
?endenum@CMetaDataStorage@@QAEXXZ
?gettime@CMetaData@@QBEPAU_SYSTEMTIME@@XZ
?getdouble@CMetaData@@QBENXZ
?getname@CMetaData@@QBEPBDXZ
?getnext@CMetaDataStorage@@QAEPAVCMetaData@@XZ
?beginenum@CMetaDataStorage@@QAEXXZ
??0CMetaData@@QAE@PBDJ@Z
?exist@CMetaDataStorage@@UAE_NPBD@Z
?store@CMetaDataStorage@@UAE_NABVCMetaData@@@Z
?get@CMetaDataStorage@@UAEPAVCMetaData@@PBD@Z
?Marshal@CMetaDataStorage@@UAE_NPAEPAH@Z
?Unmarshal@CMetaDataStorage@@UAE_NPAEH@Z
?allocnew@CMetaDataStorage@@UAEPAVDataStorageRoot@@XZ

msvcp60d

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

msvcrtd

?terminate@@YAXXZ
_except_handler3
_CxxThrowException
wcslen
free
_beginthreadex
fprintf
fflush
_mbscmp
strlen
__dllonexit
fclose
fopen
strrchr
_snprintf
malloc
memset
realloc
_purecall
_vsnprintf
??2@YAPAXI@Z
__CxxFrameHandler
memcmp
_CrtDbgReport
memcpy
_chkesp
_onexit
??1type_info@@UAE@XZ
_mbsnbcpy
_adjust_fdiv
_malloc_dbg
_initterm
_free_dbg

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11ea06292003238e659cbc760a5f0a52

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

metadatasocketlib

metadatadll

msvcp60d

msvcrtd

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 157KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 160KB - Virtual size: 157KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 4KB