a7e7b6db0dff732f84975f9a363db3b0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a7e7b6db0dff732f84975f9a363db3b0N.exe
Size

1.4MB
MD5

a7e7b6db0dff732f84975f9a363db3b0
SHA1

b2b6b7290708a641362de5598ef0377e19c094ff
SHA256

b9943eb22e6f63fbff5f57483dfd5c3d520022dc0bd42272d141ccda59036be1
SHA512

2ca2ac497e131f73557dd9cf2ecd73f042edfbcf09345c6527d59855168833af67b8ddff2d20a507bfb579dd93672c1055e9bd18c0ef62c14d0fff07233b3707
SSDEEP

24576:ZSz/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:CLNiXicJFFRGNzj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7e7b6db0dff732f84975f9a363db3b0N.exe

Files

a7e7b6db0dff732f84975f9a363db3b0N.exe
.exe windows:6 windows x86 arch:x86

055989250b50f1ae3ede84e2a16ca854

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ADelRCP_Exec.pdb

Imports

msi

ord8
ord167
ord103
ord74
ord145
ord125
ord17
ord205
ord70

kernel32

OutputDebugStringW
VirtualQuery
LoadLibraryExW
GetLastError
Sleep
CreateProcessW
GetSystemTime
GetSystemDirectoryW
FreeLibrary
GetModuleFileNameW
GetProcAddress
LocalFree
FormatMessageW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcatW
lstrlenW
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
CloseHandle
RaiseException
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
IsProcessorFeaturePresent
OpenProcess
GetWindowsDirectoryW
GetModuleHandleW
SystemTimeToFileTime
GetFullPathNameW
GetCurrentProcessId
ProcessIdToSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcess
IsDebuggerPresent
EncodePointer
DecodePointer

advapi32

AllocateAndInitializeSid
RegDeleteKeyExW
CreateProcessWithTokenW
EqualSid
DuplicateTokenEx
CreateProcessAsUserW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertSidToStringSidW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetKnownFolderPath
SHChangeNotify
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitializeEx

msvcr120

_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_except1
??1type_info@@UAE@XZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
?terminate@@YAXXZ
wcstok
_wcslwr
wcschr
_wsplitpath_s
wcsncpy_s
wcscpy_s
_wcsicmp
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
wcscat_s
wcscmp
wcslen
wcsstr
_wassert
__CxxFrameHandler3
_purecall
fclose
fflush
fgetc
fgetpos
fputc
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_vsnwprintf
_lock_file
_unlock_file
calloc
free
malloc
_recalloc
_itow_s
memcmp
memcpy
memcpy_s
strlen
memmove
_wcslwr_s
??_V@YAXPAX@Z
??_U@YAPAXI@Z
longjmp
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
_CxxThrowException
_setjmp3

msvcp120

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0id@locale@std@@QAE@I@Z
?_Xout_of_range@std@@YAXPBD@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

055989250b50f1ae3ede84e2a16ca854

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

kernel32

advapi32

shell32

ole32

msvcr120

msvcp120

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 52B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 52B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB