cf70b9c4e47dff364e036e4571ffa790N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cf70b9c4e47dff364e036e4571ffa790N.exe
Size

98KB
MD5

cf70b9c4e47dff364e036e4571ffa790
SHA1

739c53f7a0bef1411f8e45f8b32d9da0f5bda70d
SHA256

1bc297d581dfe74439a66600c8de8bc01f770bd20f4c5f3c918ab3c2f3ce48ca
SHA512

53d0b22c16a38054d08b27ec2eb44417ffbb7e2d550b0355d180b03d319de2eaef338fd81f4b469e99fc7fa5c7d15ec8c8bf5c3cd649b592c67fdb7e0ab05489
SSDEEP

3072:kXZ2oHWz61IqEehfi/uT4ZRVpvE0ub81stcm8gKuxDT3TbjTNWi0l:k2Q4dqE8fi/ucZXHRg33vvNWi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf70b9c4e47dff364e036e4571ffa790N.exe

Files

cf70b9c4e47dff364e036e4571ffa790N.exe
.exe windows:4 windows x86 arch:x86

9ac2fa130fd2a5ee2584ab329989cacf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceExW
DeviceIoControl
GetDriveTypeW
Sleep
GetLogicalDrives
GetLastError
GetLogicalDriveStringsW
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
SetLastError
VirtualQueryEx
ReadProcessMemory
GetThreadContext
CreateProcessA
TerminateProcess
WaitForSingleObject
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
VirtualAlloc
GlobalMemoryStatusEx
GetTickCount
GlobalFree
GlobalUnlock
GlobalLock
DefineDosDeviceW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcessId
Process32NextW
Process32FirstW
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
SetEnvironmentVariableW
PulseEvent
ExpandEnvironmentStringsW
ResetEvent
CreateEventW
SetProcessWorkingSetSize
QueryDosDeviceW
RemoveDirectoryW
CopyFileW
SearchPathW
GetCurrentProcess
SetSystemPowerState
GetModuleFileNameA
SetCurrentDirectoryW
GetLocalTime
GetCommandLineW
GetStartupInfoW
GetModuleFileNameW
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
GetSystemDefaultLangID
CreateThread
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesExW
DeleteFileW
GetFileSize
SetFilePointer
ReadFile
CloseHandle
CreateFileW
lstrcmpiW
lstrcmpW
lstrcatW
lstrcpyW
lstrlenW
lstrcatA
lstrlenA
WideCharToMultiByte
GlobalAlloc
MultiByteToWideChar

user32

CreatePopupMenu
AppendMenuW
DestroyMenu
GetClientRect
GetWindowThreadProcessId
FindWindowExW
CreateMenu
DestroyIcon
UnregisterHotKey
SetFocus
wsprintfW
MessageBoxW
CharUpperW
GetKeyboardState
GetAsyncKeyState
EqualRect
GetSystemMetrics
SetRectEmpty
CopyRect
SetActiveWindow
GetParent
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SendMessageTimeoutW
RegisterHotKey
SetWindowLongW
DestroyWindow
GetWindowLongW
DialogBoxParamW
SetCursor
GetMessageW
TranslateMessage
DispatchMessageW
GetDlgItem
SetDlgItemTextW
DefWindowProcW
LoadIconW
KillTimer
SetTimer
ShowWindow
GetWindowTextW
CallWindowProcW
DrawIconEx
GetWindowRect
PtInRect
LoadCursorW
RegisterClassExW
CreateWindowExW
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageW
LoadStringW
FindWindowW
keybd_event
ChangeDisplaySettingsW
EnumDisplaySettingsW
DialogBoxIndirectParamW
InvalidateRect
GetDC
ReleaseDC
EndDialog
SetWindowPos
FillRect
BeginPaint
EndPaint
PostQuitMessage
SetLayeredWindowAttributes
DrawTextW
SetWindowTextW
SendMessageW
EnableWindow
EnableMenuItem
GetKeyState

gdi32

SetBkColor
AddFontResourceW
DeleteObject
CreateSolidBrush
SetBkMode
SetTextColor
SelectObject
GetStockObject
CreateFontW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

ControlService
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
SHGetFileInfoW
ExtractIconW
Shell_NotifyIconW
DragAcceptFiles
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
DragFinish
DragQueryFileW
SHChangeNotify

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal

shlwapi

StrCpyNW
StrCmpNW
StrCmpNIW
StrChrW
StrStrW
StrStrIW
StrToIntExW
SHDeleteValueW
SHDeleteKeyW
SHSetValueW
SHGetValueW
StrToIntW
StrRChrW

msvcrt

_wcmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_gcvt
atof
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
memmove
memcpy
memset
free
realloc
malloc
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__wgetmainargs

setupapi

SetupDiGetINFClassW
SetupIterateCabinetW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

Sections

WCMD
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ac2fa130fd2a5ee2584ab329989cacf

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

msvcrt

setupapi

Sections

WCMD Size: 67KB - Virtual size: 67KB

.data Size: 512B - Virtual size: 7KB

.rsrc Size: 29KB - Virtual size: 29KB

WCMD
Size: 67KB - Virtual size: 67KB

.data
Size: 512B - Virtual size: 7KB

.rsrc
Size: 29KB - Virtual size: 29KB