31410c3221706e51b8eb609bc03c8610N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

31410c3221706e51b8eb609bc03c8610N.exe
Size

5.1MB
MD5

31410c3221706e51b8eb609bc03c8610
SHA1

0598ec252d6a74d16d366ed869deb5fcd22fd997
SHA256

195f221b2240072dcaefdb65a449eb7f5c3e3a5b392d49530ea1cb83d9766ae1
SHA512

c72ba62a1b8546e45d5d9d0209b6c091b6217e54b406e0c776b18e0cc75928bccec6326a7f92a794221b86a1203fe5298dc7a3b199f6e3eefeb6f4ef1aed00a9
SSDEEP

98304:bXUm8EsvxA+wjgJf6PD3Nmn7AJEgLYXMKUCCCNYzQEr0WO0Yk847QwJc+ZXr:QmH2JiPD3Nm7AJEgLYX8CNYzQEr0WO0F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31410c3221706e51b8eb609bc03c8610N.exe

Files

31410c3221706e51b8eb609bc03c8610N.exe
.exe windows:4 windows x86 arch:x86

3c2815c82be1e401e611741af831ecb9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
GetFileSize
ReadFile
SetFilePointer
DuplicateHandle
GetModuleHandleA
MultiByteToWideChar
TerminateThread
Sleep
OpenProcess
IsBadReadPtr
SetLastError
GetVersionExA
FreeLibrary
WaitForSingleObject
ResumeThread
SetThreadContext
GetThreadContext
CreateEventA
SuspendThread
CopyFileA
GetSystemTime
TerminateProcess
FindNextFileA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
GetSystemDefaultLangID
lstrcpyW
lstrlenW
CreateProcessA
CreateDirectoryA
RemoveDirectoryA
MoveFileA
ExpandEnvironmentStringsA
GetWindowsDirectoryW
InitializeCriticalSection
GetLastError
SetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenA
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
InterlockedIncrement
InterlockedDecrement
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
IsBadWritePtr
HeapCreate
HeapDestroy
GetEnvironmentVariableA
HeapSize
HeapReAlloc
UnhandledExceptionFilter
HeapAlloc
TlsAlloc
GetCurrentThreadId
VirtualFree
lstrcatA
LoadLibraryA
GetProcAddress
CreateFileA
WriteFile
GetCurrentDirectoryA
FindFirstFileA
FindClose
LocalFree
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
GetSystemDirectoryA
SetFileAttributesA
DeleteFileA
GetModuleFileNameA
VirtualProtect
VirtualAlloc
WinExec
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
RaiseException
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
HeapFree
RtlUnwind
GetLocalTime
GetTimeZoneInformation
ExitThread
TlsGetValue
TlsSetValue
CreateThread
Module32Next
lstrcpyA
CloseHandle
GetCurrentProcess

user32

GetClassNameA
IsWindow
GetWindow
GetWindowThreadProcessId
IsWindowVisible
FindWindowA
GetWindowTextA
wsprintfA
SendMessageA
MessageBoxA
LoadIconA
SystemParametersInfoA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
GetClassNameW
GetTopWindow
GetKeyboardLayoutNameA
GetKeyboardLayoutList
UnloadKeyboardLayout
ReleaseCapture
ClientToScreen
SetCursor
SetCapture
LoadBitmapA
LoadCursorA
WindowFromPoint
GetParent
PtInRect
GetWindowDC
GetWindowRect
OffsetRect
IsRectEmpty
ReleaseDC
DialogBoxParamA
GetClassInfoExA
RegisterClassExA
WaitForInputIdle
PeekMessageA
TranslateMessage
DispatchMessageA
PostMessageA
GetDlgItem

gdi32

PatBlt
CreateFontA

advapi32

RegEnumValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
SetEntriesInAclA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExA

ole32

CoCreateGuid

ws2_32

connect
socket
closesocket
send
inet_addr
htons
select
inet_ntoa
gethostbyname
WSAStartup
recv
__WSAFDIsSet

imm32

ImmGetDescriptionA
ImmIsIME

shlwapi

PathFileExistsA
PathFindExtensionA
PathFindFileNameA
StrCatW
PathRenameExtensionA
PathRemoveFileSpecA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 976KB - Virtual size: 973KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c2815c82be1e401e611741af831ecb9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

imm32

shlwapi

version

Sections

.text Size: 200KB - Virtual size: 196KB

.rdata Size: 3.8MB - Virtual size: 3.8MB

.data Size: 16KB - Virtual size: 63KB

.text0 Size: 68KB - Virtual size: 64KB

.text1 Size: 976KB - Virtual size: 973KB

.rsrc Size: 68KB - Virtual size: 64KB

.text
Size: 200KB - Virtual size: 196KB

.rdata
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 16KB - Virtual size: 63KB

.text0
Size: 68KB - Virtual size: 64KB

.text1
Size: 976KB - Virtual size: 973KB

.rsrc
Size: 68KB - Virtual size: 64KB