9d79544b3f99a62fa1d1cf853a4a3dfaf31444273cb963ad0364b757681770caN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

9d79544b3f99a62fa1d1cf853a4a3dfaf31444273cb963ad0364b757681770caN.exe
Size

1.5MB
MD5

daaa34aa7621215daff4bfd9469393f0
SHA1

95ce11718cc2ae82917b3175ed601804e56d52cd
SHA256

9d79544b3f99a62fa1d1cf853a4a3dfaf31444273cb963ad0364b757681770ca
SHA512

8451ddc90d70619db134b46c1d95814be3d0f2573018c3faa4691c4f20b419bad9f8387d3ef173e8f81b085e4c0eb742f672056ae13e1cdb8c39d2b60ee50b3e
SSDEEP

24576:wDpO8P02DQpC/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:H8P0BYLNiXicJFFRGNzj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d79544b3f99a62fa1d1cf853a4a3dfaf31444273cb963ad0364b757681770caN.exe

Files

9d79544b3f99a62fa1d1cf853a4a3dfaf31444273cb963ad0364b757681770caN.exe
.exe windows:5 windows x86 arch:x86

d293e2575041ee43baa162202c75b0a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\BuildEngineSpace\Temp\04607ae1-c80e-4ff0-9045-cd3585b1654c\build\Win32\Release\mccleanup.pdb

Imports

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA

advapi32

CryptAcquireContextW
CryptHashData
CryptGetHashParam
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegDeleteValueA
RegDeleteValueW
RegQueryInfoKeyA
GetTokenInformation
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegDeleteKeyA
RegGetKeySecurity
RegSetKeySecurity
CloseServiceHandle
ControlService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
QueryServiceStatusEx
StartServiceA
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
CryptDestroyHash
CryptReleaseContext
RegQueryValueExW
RegOpenKeyExW
CryptCreateHash

userenv

GetProfilesDirectoryA
GetAllUsersProfileDirectoryA

kernel32

HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
VerSetConditionMask
FreeLibrary
GetProcAddress
lstrcpyA
lstrlenA
GetLogicalDriveStringsA
LoadLibraryA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GetDriveTypeA
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
VerifyVersionInfoA
WideCharToMultiByte
GetPrivateProfileSectionA
GetCurrentProcess
GetModuleHandleA
WriteFile
SetFilePointer
CloseHandle
CreateFileA
LockResource
LocalAlloc
LocalFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
LoadResource
SizeofResource
FindResourceW
FindResourceExW
GetVersionExA
FreeConsole
GetShortPathNameW
WaitForSingleObject
GetFileSize
ReadFile
HeapDestroy
GetModuleFileNameA
CreateProcessA
GetTempFileNameW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
GetFileAttributesW
DeleteFileA
DeleteFileW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
CopyFileW
MoveFileA
MoveFileExA
MoveFileExW
GetVersionExW
MultiByteToWideChar
InterlockedDecrement
GetTickCount
GetModuleFileNameW
SetNamedPipeHandleState
SetEndOfFile
WaitNamedPipeA
CreateDirectoryA
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
CreateFileW
DeviceIoControl
GetCurrentProcessId
GetCurrentThreadId
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeW
GetFileType
GetTimeZoneInformation
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
SetLastError
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
SetStdHandle
FlushFileBuffers
ReadConsoleW
WriteConsoleW
SetEnvironmentVariableA
FindClose
CreateEventA
EncodePointer
RtlUnwind
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
GetSystemTimeAsFileTime

user32

CharNextA
WaitForInputIdle
MessageBoxA

shell32

SHGetFolderPathW
SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
VarUdateFromDate
SysFreeString
VariantInit
VariantClear
VariantChangeType

shlwapi

PathCombineA
PathAddBackslashA
PathAppendA
PathRemoveFileSpecA
StrTrimA
PathStripPathA
SHGetValueA
SHSetValueA
wnsprintfW
PathStripToRootA
PathFileExistsA
SHDeleteKeyA
PathRemoveBackslashA

rpcrt4

UuidCreate

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d293e2575041ee43baa162202c75b0a9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

advapi32

userenv

kernel32

user32

shell32

ole32

oleaut32

shlwapi

rpcrt4

Sections

.text Size: 193KB - Virtual size: 192KB

.rdata Size: 66KB - Virtual size: 65KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 193KB - Virtual size: 192KB

.rdata
Size: 66KB - Virtual size: 65KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB