1fddab48d8388239e3c06941187bca5f5c9875c6c2869b385b418cad390f1e93N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1fddab48d8388239e3c06941187bca5f5c9875c6c2869b385b418cad390f1e93N.exe
Size

759KB
MD5

ed7097651050c680e105f21ad6ce2e10
SHA1

caed6a2ff6dd9d147643879653cbb341169f79c1
SHA256

1fddab48d8388239e3c06941187bca5f5c9875c6c2869b385b418cad390f1e93
SHA512

72f40910f5defad380fa9afe56d69113e5f5a1fca1acef85cd9742dde6829bb11f2e339c775b07798bb53555108fc40d429194eea11f54dfe9ddcaf201cc328c
SSDEEP

12288:cixrzWLIdSkCbg+LJNWPZ2fzARLmBU2qq2TEsl8oL9D83HY:Nxr4IdShdXWB2fzuyU2qVRl8883

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1fddab48d8388239e3c06941187bca5f5c9875c6c2869b385b418cad390f1e93N.exe

Files

1fddab48d8388239e3c06941187bca5f5c9875c6c2869b385b418cad390f1e93N.exe
.exe windows:4 windows x86 arch:x86

5cdf70d52c9c5dc47d5daa6a0d017e56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\src\googleclient\total_recall_r5_batman\build\release\obj\trs\GoogleDesktopIndex.pdb

Imports

advapi32

RegDeleteKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
CheckTokenMembership
AllocateAndInitializeSid
FileEncryptionStatusW
LogonUserW
IsTextUnicode
CryptReleaseContext
CryptAcquireContextW
CryptGenRandom
LookupAccountSidW
CryptGetHashParam
CryptSetHashParam
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptDestroyHash
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidW
GetSecurityDescriptorSacl
CreateProcessAsUserW
SetTokenInformation
ConvertStringSidToSidW
DuplicateTokenEx
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
SetFileSecurityW
EncryptFileW
GetNamedSecurityInfoW
CryptDestroyKey
GetLengthSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
FreeSid

googledesktopapi2

ord18
ord19
ord14
ord16
ord22
ord17

comctl32

_TrackMouseEvent
InitCommonControlsEx

ws2_32

closesocket
shutdown
WSACleanup
WSAStartup
recv
listen
accept
WSAGetLastError
socket
htons
gethostbyname
inet_ntoa
getsockname
ntohs
bind
send

ole32

CLSIDFromProgID
CLSIDFromString
CoUninitialize
StringFromGUID2
CoCreateInstance
CoResumeClassObjects
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoSuspendClassObjects
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
OleRegGetUserType
CoLockObjectExternal
CreateBindCtx
CoDisconnectObject

oleaut32

SysFreeString
SysAllocString
RegisterTypeLi
UnRegisterTypeLi
OleLoadPictureEx
VariantClear
VariantInit
VariantTimeToSystemTime
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayAccessData
SystemTimeToVariantTime
SysAllocStringByteLen
VariantCopy
SafeArrayCreate
SafeArrayDestroy
GetActiveObject
LoadRegTypeLi
RevokeActiveObject
RegisterActiveObject
SysAllocStringLen
SysStringLen
VariantChangeType
SafeArrayLock
SafeArrayRedim
SafeArrayUnlock
SysStringByteLen
LoadTypeLi

wininet

InternetGetCookieW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
InternetErrorDlg
HttpQueryInfoW
InternetSetOptionW
InternetQueryOptionW
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetSetStatusCallbackW
InternetOpenW
InternetGoOnlineW
InternetGetConnectedState
HttpOpenRequestW
HttpSendRequestW
InternetOpenA
InternetConnectW
InternetConnectA

psapi

GetProcessMemoryInfo

googledesktophyper

NewHyperPane

kernel32

RtlUnwind
CreateFileMappingA
GetProcessTimes
GetStringTypeExA
ReadDirectoryChangesW
CancelIo
LoadLibraryA
LocalAlloc
OpenMutexW
QueueUserWorkItem
QueryPerformanceFrequency
LoadLibraryExW
ExitThread
CompareStringA
GetNumberFormatW
GetTimeFormatW
GetLocaleInfoW
GetDateFormatW
GetUserDefaultLCID
GetDriveTypeW
GetLogicalDriveStringsW
ExpandEnvironmentStringsW
GlobalFree
SetEndOfFile
GetFileTime
GetOverlappedResult
QueryPerformanceCounter
GetSystemPowerStatus
GetLastError
GetVersionExW
lstrcmpW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
FlushInstructionCache
HeapAlloc
lstrcpynW
FindResourceW
LoadResource
GetCurrentProcess
lstrcpyW
InitializeCriticalSection
lstrlenW
GetCurrentThreadId
DeleteCriticalSection
LockResource
GetProcessHeap
HeapFree
GetCurrentProcessId
RaiseException
EnterCriticalSection
LeaveCriticalSection
SizeofResource
FindResourceExW
lstrcatW
FreeLibrary
CloseHandle
LoadLibraryW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GetCommandLineW
ExitProcess
CreateEventW
SetEvent
UnmapViewOfFile
WaitForSingleObject
Sleep
MultiByteToWideChar
CreateFileW
CreateFileMappingW
MapViewOfFile
CreateThread
HeapReAlloc
GetStartupInfoA
GetModuleHandleA
GetVersionExA
HeapDestroy
HeapSize
FindClose
FindFirstFileW
FindNextFileW
lstrcmpiW
InterlockedCompareExchange
SetLastError
GetProcAddress
OpenProcess
ReadProcessMemory
OutputDebugStringW
CreateDirectoryW
FlushFileBuffers
GetFileSize
SetFilePointer
ReadFile
GetEnvironmentVariableW
SetUnhandledExceptionFilter
WideCharToMultiByte
WriteFile
GetSystemTime
CreateMutexW
ReleaseMutex
TryEnterCriticalSection
GetTickCount
ResetEvent
WaitForMultipleObjects
FreeResource
GetVolumeInformationW
GlobalAlloc
GlobalLock
GlobalUnlock
FreeConsole
SetThreadExecutionState
SleepEx
SetFileTime
lstrcpynA
SetProcessWorkingSetSize
lstrlenA
GetStringTypeW
GetStringTypeExW
GetShortPathNameW
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerW
DeleteFileW
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetLocalTime
LocalFileTimeToFileTime
lstrcmpA
CreateRemoteThread
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
GetExitCodeThread
FormatMessageW
LocalFree
SetFileAttributesW
GetFileAttributesExW
MoveFileW
CopyFileW
RemoveDirectoryW
GetFileAttributesW
MoveFileExW
OpenThread
ResumeThread
CreateProcessW
GetTempPathW
OpenEventW
SetErrorMode
DeviceIoControl
GetDiskFreeSpaceExW
GetProcessWorkingSetSize
GetModuleHandleW
TerminateThread
QueueUserAPC
VirtualQuery
GetLongPathNameW
GetComputerNameW

user32

SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SetWindowPos
GetWindowRect
GetClientRect
ScreenToClient
BeginPaint
EndPaint
GetDC
ReleaseDC
InvalidateRect
ShowWindow
IsWindowVisible
SetTimer
KillTimer
SetFocus
GetWindow
IsChild
GetParent
HideCaret
ShowCaret
GetWindowRgn
SetWindowRgn
GetWindowThreadProcessId
GetClassNameW
SystemParametersInfoW
UnregisterClassW
FillRect
DefWindowProcW
GetClassInfoExW
LoadCursorW
RegisterClassExW
wsprintfW
CopyRect
InflateRect
OffsetRect
FindWindowW
SetWinEventHook
UnhookWinEvent
GetForegroundWindow
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
SetLayeredWindowAttributes
SetForegroundWindow
DrawTextW
TranslateAcceleratorW
CallWindowProcW
PostQuitMessage
PeekMessageW
TranslateMessage
DispatchMessageW
PostMessageW
PostThreadMessageW
CharUpperW
CharNextW
GetKeyState
IsCharAlphaNumericW
MessageBoxW
SendMessageTimeoutW
FindWindowExW
wvsprintfW
SetRectEmpty
DestroyAcceleratorTable
CreateAcceleratorTableW
GetCaretPos
ReleaseCapture
PtInRect
SetCapture
SetActiveWindow
AttachThreadInput
DestroyWindow
EnumWindows
RealGetWindowClassW
CharLowerW
IsCharUpperW
CharLowerA
IsCharAlphaW
wvsprintfA
GetDesktopWindow
CharNextA
GetLastInputInfo
MsgWaitForMultipleObjectsEx
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetMessageW
WaitForInputIdle
GetQueueStatus
GetSystemMetrics
GetGUIThreadInfo
MsgWaitForMultipleObjects
SendMessageW
GetDlgItem
IsDialogMessageW
CreateDialogParamW
IsWindow
SetWindowLongW
GetWindowLongW
CreateWindowExW
EnumChildWindows

Sections

.text
Size: 613KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cdf70d52c9c5dc47d5daa6a0d017e56

Headers

File Characteristics

PDB Paths

Imports

advapi32

googledesktopapi2

comctl32

ws2_32

ole32

oleaut32

wininet

psapi

googledesktophyper

kernel32

user32

Sections

.text Size: 613KB - Virtual size: 613KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 12KB - Virtual size: 50KB

.rsrc Size: 15KB - Virtual size: 14KB

.text
Size: 613KB - Virtual size: 613KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 12KB - Virtual size: 50KB

.rsrc
Size: 15KB - Virtual size: 14KB