380e081dbf5550146db4e9d874a796f6d5d80c49b5cbe50f9247a556192ea129N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

380e081dbf5550146db4e9d874a796f6d5d80c49b5cbe50f9247a556192ea129N.exe
Size

484KB
MD5

5d279e53008bcf128c79d18913073440
SHA1

710f5671c5326c9b722a69284a30039c2bd00628
SHA256

380e081dbf5550146db4e9d874a796f6d5d80c49b5cbe50f9247a556192ea129
SHA512

f093db7036d75ee03c0cf6b170b1d7206ee81d57d199df69930979c15ebd5fcc365333be514abea69b196faaa592cd47ff2f778875521060c3ebe4bf931c3627
SSDEEP

6144:40Kf3dwCiJOp5DzwQTSmKMuYREY4nLy95/YjVD+IyaFV/GCc7IfxB7f:255QySNaEY4nW9sl+ja3/GCT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
380e081dbf5550146db4e9d874a796f6d5d80c49b5cbe50f9247a556192ea129N.exe

Files

380e081dbf5550146db4e9d874a796f6d5d80c49b5cbe50f9247a556192ea129N.exe
.exe windows:6 windows x64 arch:x64

8f5035dbc2be7417d0a4c076f6d9c949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

PostQueuedCompletionStatus
MultiByteToWideChar
Sleep
GetLastError
GetDiskFreeSpaceExW
GetCurrentThread
TerminateThread
LoadLibraryA
GetNativeSystemInfo
CreateThread
SetVolumeMountPointW
GetProcAddress
LocalFree
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
GetModuleHandleW
CopyFileW
GetVolumePathNamesForVolumeNameW
lstrcpyW
SleepEx
GetDiskFreeSpaceExA
FindNextVolumeW
lstrcmpiW
CreateIoCompletionPort
GetTickCount
lstrcmpW
GetDriveTypeW
GetComputerNameA
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
DuplicateHandle
CreateEventW
SetEvent
GetWindowsDirectoryW
FindVolumeClose
GetFileType
lstrcatW
GetLocaleInfoA
ReadFile
GetFileSizeEx
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
WideCharToMultiByte
CreateMutexA
SleepConditionVariableCS
WakeConditionVariable
InitializeConditionVariable
GetSystemInfo
GlobalMemoryStatusEx
WriteConsoleW
ReadConsoleW
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetModuleHandleA
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
FindClose
lstrlenA
GetQueuedCompletionStatus
SetErrorMode
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetModuleFileNameW
GetUserDefaultLangID
WriteFile
FindNextFileW
GetCommandLineW
EnterCriticalSection
FindFirstVolumeW
FindFirstFileExW
GetLogicalDrives
MoveFileW
lstrlenW
OutputDebugStringW
MapViewOfFile
CreateFileMappingW
GetFileSize
CloseHandle
GetLogicalDriveStringsW
UnmapViewOfFile
GetCurrentProcess
QueryDosDeviceW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
QueryPerformanceCounter
GetSystemTimeAsFileTime
FlsGetValue
FlsAlloc
HeapAlloc
HeapFree
HeapReAlloc
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException

user32

CreateWindowExW
GetCursorPos
RegisterClassW
MessageBoxW
DefWindowProcW

advapi32

OpenServiceW
CryptReleaseContext
OpenThreadToken
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
ControlService
EnumDependentServicesW
QueryServiceConfigW
ChangeServiceConfigW
EnumServicesStatusW
QueryServiceStatusEx
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
RegCloseKey
CryptAcquireContextW
CloseServiceHandle
RegQueryValueExA
CryptGenRandom
OpenSCManagerW
RegSetValueExW
OpenProcessToken
StartServiceW
RegOpenKeyExA
RegOpenKeyExW
GetTokenInformation

shell32

ShellExecuteW
CommandLineToArgvW

bcrypt

BCryptGenRandom

netapi32

NetApiBufferFree
NetShareEnum

shlwapi

wnsprintfA
PathFileExistsW
StrCmpNIW
StrCmpNW
StrStrIW
SHDeleteKeyW
UrlUnescapeA
UrlEscapeA
wnsprintfW

iphlpapi

GetIpNetTable

ws2_32

inet_ntoa

wininet

InternetReadFile
InternetConnectW
HttpOpenRequestW
InternetQueryOptionW
InternetQueryDataAvailable
InternetOpenW
InternetCrackUrlW
InternetSetOptionW
InternetCloseHandle
HttpSendRequestW

psapi

GetMappedFileNameW
GetModuleFileNameExW

Sections

.text
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f5035dbc2be7417d0a4c076f6d9c949

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

bcrypt

netapi32

shlwapi

iphlpapi

ws2_32

wininet

psapi

Sections

.text Size: 329KB - Virtual size: 329KB

.rdata Size: 126KB - Virtual size: 125KB

.data Size: 7KB - Virtual size: 34KB

.pdata Size: 15KB - Virtual size: 14KB

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 329KB - Virtual size: 329KB

.rdata
Size: 126KB - Virtual size: 125KB

.data
Size: 7KB - Virtual size: 34KB

.pdata
Size: 15KB - Virtual size: 14KB

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 4KB - Virtual size: 4KB