49e5f42166c761a549e7633dd5353954548c5c44a71457e2d8652264237c3cfdN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

49e5f42166c761a549e7633dd5353954548c5c44a71457e2d8652264237c3cfdN.exe
Size

1.4MB
MD5

3352bcb6f70129b0ff8afe5f8d0826e0
SHA1

59f06944ad50b2f9beba999a3c96f20f72c38aed
SHA256

49e5f42166c761a549e7633dd5353954548c5c44a71457e2d8652264237c3cfd
SHA512

7fe93e77be848b0332ee57c661911b45789d6b09087226e1d70f18aa360c870e2227e170d5c94ec5ae7250ca319ec31f1d509cc283388bba5ad84a58320e8a4f
SSDEEP

24576:CH3jH7beweUO2FUK6q09eefQMdsFC85Xga7Fu2b2GCQIS8YVMsi37:CXjH7beweJCUKIfBdsFCqga7Pb2FQIS7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
49e5f42166c761a549e7633dd5353954548c5c44a71457e2d8652264237c3cfdN.exe

Files

49e5f42166c761a549e7633dd5353954548c5c44a71457e2d8652264237c3cfdN.exe
.exe windows:4 windows x64 arch:x64

6b8aacf742ed39ac7720a56e586fc3d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwindEx
VirtualQuery
__C_specific_handler
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateSymbolicLinkW
CreateThread
CreateTimerQueue
CreateToolhelp32Snapshot
CreateWaitableTimerExW
DeleteFileW
DeleteProcThreadAttributeList
DeleteTimerQueue
DeviceIoControl
DuplicateHandle
ExitProcess
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLogicalProcessorInformationEx
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessIoCounters
GetProcessTimes
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimePreciseAsFileTime
GetSystemTimes
GetTempPathW
GetTickCount64
GetVolumeInformationW
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryW
GlobalFree
GlobalMemoryStatusEx
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
InitializeProcThreadAttributeList
K32GetPerformanceInfo
LoadLibraryA
LoadLibraryExA
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
OpenProcess
ProcessIdToSessionId
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleW
ReadFile
ReadFileEx
ReadProcessMemory
RegisterWaitForSingleObject
RemoveDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepEx
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
UpdateProcThreadAttribute
VirtualAlloc
VirtualProtect
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFileEx

msvcrt

__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_fmode
_fpreset
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
realloc
signal
strlen
strncmp
vfprintf
wcslen

ntdll

NtGetContextThread
NtOpenThread
NtSetContextThread
NtClose
NtCreateFile
NtQueryInformationProcess
NtQuerySystemInformation
NtReadFile
NtWriteFile
RtlGetVersion
RtlNtStatusToDosError

advapi32

ConvertSidToStringSidW
ConvertStringSidToSidW
CopySid
GetLengthSid
GetTokenInformation
IsValidSid
LookupAccountSidW
LsaClose
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

bcrypt

BCryptGenRandom

iphlpapi

FreeMibTable
GetAdaptersAddresses
GetIfEntry2
GetIfTable2

netapi32

NetApiBufferFree
NetGroupEnum
NetGroupGetInfo
NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups

ole32

CoCreateGuid
CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
PropVariantClear
PropVariantCopy

oleaut32

GetErrorInfo
SetErrorInfo
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
VariantCopy

pdh

PdhAddEnglishCounterA
PdhAddEnglishCounterW
PdhCloseQuery
PdhCollectQueryData
PdhCollectQueryDataEx
PdhGetFormattedCounterValue
PdhOpenQueryA
PdhRemoveCounter

powrprof

CallNtPowerInformation

propsys

PropVariantCompareEx
PropVariantToBSTR
PropVariantToBoolean
PropVariantToDouble
PropVariantToInt16
PropVariantToInt32
PropVariantToInt64
PropVariantToUInt16
PropVariantToUInt32
PropVariantToUInt64
PropVariantToVariant
VariantToBoolean
VariantToDouble
VariantToInt16
VariantToInt32
VariantToInt64
VariantToPropVariant
VariantToUInt16
VariantToUInt32
VariantToUInt64

psapi

GetModuleFileNameExW

secur32

LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData

shell32

CommandLineToArgvW

user32

UnregisterPowerSettingNotification

userenv

GetUserProfileDirectoryW

ws2_32

WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSARecv
WSASend
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

Sections

.text
Size: 984KB - Virtual size: 984KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 800B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b8aacf742ed39ac7720a56e586fc3d9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

advapi32

bcrypt

iphlpapi

netapi32

ole32

oleaut32

pdh

powrprof

propsys

psapi

secur32

shell32

user32

userenv

ws2_32

api-ms-win-core-synch-l1-2-0

bcryptprimitives

Sections

.text Size: 984KB - Virtual size: 984KB

.data Size: 1024B - Virtual size: 960B

.rdata Size: 284KB - Virtual size: 284KB

.pdata Size: 44KB - Virtual size: 43KB

.xdata Size: 61KB - Virtual size: 60KB

.bss Size: - Virtual size: 800B

.idata Size: 12KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 984KB - Virtual size: 984KB

.data
Size: 1024B - Virtual size: 960B

.rdata
Size: 284KB - Virtual size: 284KB

.pdata
Size: 44KB - Virtual size: 43KB

.xdata
Size: 61KB - Virtual size: 60KB

.bss
Size: - Virtual size: 800B

.idata
Size: 12KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 5KB - Virtual size: 4KB