fc659c6b8541f2c652c365b40ea05089d8ac30ece2251b69cd83089f80d09e07N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

fc659c6b8541f2c652c365b40ea05089d8ac30ece2251b69cd83089f80d09e07N.exe
Size

259KB
MD5

f5e497a53bde455bbf5e5adab5384c60
SHA1

3bb862b88d43072328d16f362fe0abbdfe6af99c
SHA256

fc659c6b8541f2c652c365b40ea05089d8ac30ece2251b69cd83089f80d09e07
SHA512

b77610914bf66afa5e9caf9e51c33309c7160f23a97f2ae6d632edba1beca24b0b6a48f434d3ec4cbc4eb8520dd5deed9f61308ab9b69b302d2d41bb35c16f96
SSDEEP

6144:WyK4+vW9EnkxPWu9oYUkZYeLoerbZP4sdA9hmEPpW5rpH:5K99kPWqBU0LDrNgsdA9hFPW9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc659c6b8541f2c652c365b40ea05089d8ac30ece2251b69cd83089f80d09e07N.exe

Files

fc659c6b8541f2c652c365b40ea05089d8ac30ece2251b69cd83089f80d09e07N.exe
.exe windows:4 windows x86 arch:x86

29fd9996b10182982c429e7b0516724d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayDestroy
RegisterTypeLi
SysStringByteLen
SafeArrayGetUBound
SysAllocStringLen
SetErrorInfo
UnRegisterTypeLi
SafeArrayCopy
VariantCopyInd
SafeArrayGetVartype
SysStringLen
SysFreeString
SafeArrayLock
SafeArrayUnlock
VariantClear
LoadRegTypeLi
CreateErrorInfo
VariantInit
SafeArrayRedim
LoadTypeLi
SysAllocString
VariantChangeType
SysAllocStringByteLen
VariantCopy
VarUI4FromStr

userenv

UnloadUserProfile

kernel32

CancelIo
SetStdHandle
WriteConsoleW
GetOEMCP
TlsAlloc
FindResourceW
EnterCriticalSection
GetExitCodeThread
OpenProcess
GetCommandLineW
VerifyVersionInfoW
VirtualQuery
HeapAlloc
GetCommandLineA
LeaveCriticalSection
GetConsoleMode
GetModuleHandleW
IsValidCodePage
HeapFree
WideCharToMultiByte
TlsGetValue
SetConsoleCtrlHandler
CloseHandle
LCMapStringA
DeleteCriticalSection
GetConsoleOutputCP
FreeLibrary
GetProcessHeap
lstrlenW
GetModuleHandleA
SetUnhandledExceptionFilter
LocalFree
CreateFileA
SetProcessWorkingSetSize
VirtualProtect
VirtualFree
lstrcmpiW
WaitForSingleObject
VerSetConditionMask
HeapReAlloc
GetDriveTypeW
LCMapStringW
DeviceIoControl
GetCurrentThreadId
SetLastError
ResumeThread
HeapDestroy
CreateEventW
GetThreadLocale
LoadLibraryExW
GetStdHandle
GetACP
SetProcessShutdownParameters
GetSystemTimeAsFileTime
GetFileType
CreateThread
TerminateThread
RtlUnwind
DuplicateHandle
RaiseException
UnhandledExceptionFilter
EnumSystemLocalesA
GetSystemInfo
GetVolumeNameForVolumeMountPointW
lstrlenA
IsDebuggerPresent
WriteFile
IsValidLocale
WriteConsoleA
GetConsoleCP
CreateProcessW
FreeEnvironmentStringsA
CreateWaitableTimerW
HeapSize
SetFilePointer
FindResourceExW
SetWaitableTimer
FlushFileBuffers
FreeEnvironmentStringsW
SizeofResource
LoadResource
CreateFileW
GetUserDefaultLCID
WaitForMultipleObjects
SetHandleCount
LockResource
VirtualAlloc
TlsSetValue
TlsFree
GetStartupInfoW

shlwapi

PathRemoveFileSpecW
PathQuoteSpacesW

user32

DispatchMessageW
GetSysColorBrush
RegisterClassW
DestroyWindow
PostThreadMessageW
MsgWaitForMultipleObjects
LoadCursorW
CharNextW
UnregisterClassA
PeekMessageW
TranslateMessage
wsprintfW
CreateWindowExW
LoadStringW
GetMessageW
DefWindowProcW
UnregisterClassW
CharUpperBuffW

advapi32

QueryServiceConfigW
RegisterEventSourceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSidSubAuthority
GetSecurityDescriptorOwner
RegDeleteValueW
QueryServiceStatusEx
RegEnumKeyExW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegEnumValueW
SetThreadToken
GetAclInformation
RegQueryValueExW
RegOpenKeyExW
AddAce
StartServiceCtrlDispatcherW
DeregisterEventSource
OpenSCManagerW
CopySid
RegQueryInfoKeyW
GetSidLengthRequired
ControlService
RegCloseKey
SetServiceStatus
InitializeAcl
RegCreateKeyExW
RegisterServiceCtrlHandlerW
OpenServiceW
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
RegDeleteKeyW
CreateServiceW
MakeAbsoluteSD
LookupAccountNameW
InitializeSid
ChangeServiceConfig2W
GetTokenInformation
CreateProcessAsUserW
ReportEventW
DeleteService
IsValidSid
EqualSid
MakeSelfRelativeSD
CloseServiceHandle
SetNamedSecurityInfoW
CheckTokenMembership
DuplicateToken
RegSetValueExW
InitializeSecurityDescriptor
GetLengthSid
SetSecurityDescriptorDacl
DuplicateTokenEx
GetSecurityDescriptorControl
ChangeServiceConfigW
OpenThreadToken

setupapi

SetupDiCreateDeviceInfoListExW
SetupDiSetDeviceRegistryPropertyW
CM_Get_DevNode_Status_Ex
SetupDiGetDeviceInstanceIdW
CM_Get_Sibling
CM_Get_Child
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsW
CM_Get_Device_IDW
CM_Get_Parent
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInterfaceDetailW
CM_Locate_DevNodeW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
CM_Get_Device_ID_Size
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsExW

iphlpapi

NotifyAddrChange

ole32

OleRun
CoTaskMemAlloc
CoImpersonateClient
CoUninitialize
ProgIDFromCLSID
CoTaskMemFree
CoInitializeSecurity
StringFromGUID2
CoCreateInstance
CoInitializeEx
StringFromCLSID
CLSIDFromString
CoTaskMemRealloc
CoRevertToSelf
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoSuspendClassObjects

mscms

CreateColorTransformA
SetColorProfileElement
UnregisterCMMW
OpenColorProfileW
CreateDeviceLinkProfile
SpoolerCopyFileEvent
InternalGetPS2ColorRenderingDictionary

kbdlt1

KbdLayerDescriptor

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bbihz
Size: 512B - Virtual size: 613B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Tumzbi
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Vbhc
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dR
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 212KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QwcF
Size: 512B - Virtual size: 251B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29fd9996b10182982c429e7b0516724d

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

userenv

kernel32

shlwapi

user32

advapi32

setupapi

iphlpapi

ole32

mscms

kbdlt1

Sections

.text Size: 16KB - Virtual size: 15KB

.bbihz Size: 512B - Virtual size: 613B

.rdata Size: 7KB - Virtual size: 6KB

.Tumzbi Size: 1KB - Virtual size: 12KB

.Vbhc Size: 1024B - Virtual size: 2KB

.dR Size: 1KB - Virtual size: 4KB

.data Size: 212KB - Virtual size: 272KB

.QwcF Size: 512B - Virtual size: 251B

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 16KB - Virtual size: 15KB

.bbihz
Size: 512B - Virtual size: 613B

.rdata
Size: 7KB - Virtual size: 6KB

.Tumzbi
Size: 1KB - Virtual size: 12KB

.Vbhc
Size: 1024B - Virtual size: 2KB

.dR
Size: 1KB - Virtual size: 4KB

.data
Size: 212KB - Virtual size: 272KB

.QwcF
Size: 512B - Virtual size: 251B

.rsrc
Size: 18KB - Virtual size: 17KB