NPE[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NPE.exe
Size

2.8MB
MD5

63e19148f7d299583fb9be71d6af3dce
SHA1

7d44333bfeb3f2a7298a171c52322ef2bdf52ae5
SHA256

953b3511be0894e704a8550f746819d33ed755b45e156f7e6d35b0f5db54d9d3
SHA512

fa614083e92db241be728367889d344a4a023a9b7133406d4a375c1e32bcb78b4083a38be0df1a60af57f4f492c8f364d2209957369c63b89250cb8e312fa129
SSDEEP

49152:K1QBZKroWK4OA9NPUcxw7fonKFkYUpJpxc1nbTmFe3evcskR2DKxiX6jr:K1QBZWK4b9uBLMKTUpHWKIeEsy2Ddk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NPE.exe

Files

NPE.exe
.exe windows:5 windows x86 arch:x86

5eb64eebc920b71df7c7108341602879

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bld_area\NMR_r3.1.1_10\bin\bin.iru\Danish\NPE.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

winhttp

WinHttpReceiveResponse

netapi32

NetShareGetInfo

setupapi

SetupDiGetDeviceInterfaceDetailW

psapi

GetPerformanceInfo

rpcrt4

UuidToStringW

ws2_32

WSASetLastError

wintrust

CryptCATAdminAcquireContext

crypt32

CertAddCertificateContextToStore

dnsapi

DnsQuery_W

sfc

SfcIsFileProtected

mpr

WNetGetResourceInformationW

user32

SetWindowLongW

comdlg32

GetOpenFileNameW

advapi32

GetServiceDisplayNameW

shell32

ord727

ole32

IIDFromString

oleaut32

SysStringLen

shlwapi

PathIsRelativeW

urlmon

FindMimeFromData

wininet

InternetGetLastResponseInfoA

oleacc

LresultFromObject

imm32

ImmReleaseContext

winmm

PlaySoundA

userenv

UnloadUserProfile

wtsapi32

WTSEnumerateSessionsW

version

GetFileVersionInfoW

iphlpapi

GetAdaptersInfo

gdi32

GetWindowOrgEx

comctl32

ImageList_GetIconSize

Sections

.text
Size: 2.7MB - Virtual size: 9.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5eb64eebc920b71df7c7108341602879

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

winhttp

netapi32

setupapi

psapi

rpcrt4

ws2_32

wintrust

crypt32

dnsapi

sfc

mpr

user32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

wininet

oleacc

imm32

winmm

userenv

wtsapi32

version

iphlpapi

gdi32

comctl32

Sections

.text Size: 2.7MB - Virtual size: 9.1MB

.rsrc Size: 152KB - Virtual size: 156KB

.reloc Size: 512B - Virtual size: 512B

.text
Size: 2.7MB - Virtual size: 9.1MB

.rsrc
Size: 152KB - Virtual size: 156KB

.reloc
Size: 512B - Virtual size: 512B