11cfd8e84704194ff9c56780858e9bbb9e82ff1b958149d74c43969d06ea10bd[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

11cfd8e84704194ff9c56780858e9bbb9e82ff1b958149d74c43969d06ea10bd.exe
Size

142KB
MD5

092d39b97288886203fa681bb354cca3
SHA1

baa44b68d92836d9005c6829d6d4891d39e1471d
SHA256

11cfd8e84704194ff9c56780858e9bbb9e82ff1b958149d74c43969d06ea10bd
SHA512

7b77a63b635477bf88934983fabf4103d94aefc95986f4c66df3a74ede2349a6d8c9442f38417dcd5518231ed42104c33273229b3d99c92250cacfd6623c5b47
SSDEEP

3072:uA5ohBykv/QGvx4TOPu5XH4KoUu2JsaO0xiQhzNHaGV:DojR/QY4CP434KrtOiJHFV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
11cfd8e84704194ff9c56780858e9bbb9e82ff1b958149d74c43969d06ea10bd.exe

Files

11cfd8e84704194ff9c56780858e9bbb9e82ff1b958149d74c43969d06ea10bd.exe
.exe windows:5 windows x86 arch:x86

3032f4a921564516246680bc5824ef80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
ReadFile
GetFileSizeEx
InterlockedDecrement
TerminateProcess
WaitForMultipleObjects
GetQueuedCompletionStatus
GetFileAttributesW
OpenProcess
PostQueuedCompletionStatus
SetFileAttributesW
GetSystemInfo
SetFilePointerEx
MoveFileExW
GetCurrentProcessId
InterlockedIncrement
CreateIoCompletionPort
lstrcmpiW
GetTempPathW
LoadLibraryW
GetProcAddress
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetCommandLineW
WriteConsoleW
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FindNextVolumeW
lstrcpyW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
CreateThread
CloseHandle
InterlockedExchangeAdd
lstrcatW
GetLastError
Sleep
HeapFree
CreateFileW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindClose
lstrlenA
DeviceIoControl
FindFirstFileW
WriteFile
lstrlenW
FindNextFileA
FindFirstFileExA
FindNextFileW
FindFirstVolumeW
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
SetLastError
RtlUnwind
RaiseException
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetACP
HeapAlloc
CompareStringW
LCMapStringW
DecodePointer

user32

SystemParametersInfoW
wsprintfA
GetSystemMetrics
GetDC
ReleaseDC
DrawTextA

gdi32

CreateCompatibleBitmap
SelectObject
CreateDIBSection
GetTextExtentPoint32A
CreateCompatibleDC
CreateFontW
DeleteDC
SetTextColor
SetBkMode
SetBkColor
DeleteObject
BitBlt

winspool.drv

WritePrinter
EnumPrintersW
EndPagePrinter
StartDocPrinterW
OpenPrinterW
StartPagePrinter
EndDocPrinter
ClosePrinter

advapi32

CryptGenRandom
RegOpenKeyW
RegCloseKey
RegSetValueExW
CryptAcquireContextW

shell32

CommandLineToArgvW
SHEmptyRecycleBinA

crypt32

CryptStringToBinaryA

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3032f4a921564516246680bc5824ef80

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

crypt32

mpr

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 176B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 176B

.reloc
Size: 5KB - Virtual size: 4KB