8af00449fe6e1672d6d01418150e55021e36e01458ee5bd3ac4b867cf014cdedN[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8af00449fe6e1672d6d01418150e55021e36e01458ee5bd3ac4b867cf014cdedN.exe
Size

168KB
MD5

be2c7de34231d1353e36bb6f4399f490
SHA1

3bcd8b1317df5cf61cf38f624a5bfe6b09e69b17
SHA256

8af00449fe6e1672d6d01418150e55021e36e01458ee5bd3ac4b867cf014cded
SHA512

fb90098ac0854b557cd12143ec731b4881efc51f149fbf01d8dc92a3bc658430350f3953de7e0075b71f639829ef29aeca3d8692ba6cdb867f095b617da46336
SSDEEP

3072:R+//K1KJAR6KtqDSB8NojBOryOIy4IwiyO+//K1KJR3l:GKkmVtqWB8NojgrvIy4RiypKkfl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8af00449fe6e1672d6d01418150e55021e36e01458ee5bd3ac4b867cf014cdedN.exe

Files

8af00449fe6e1672d6d01418150e55021e36e01458ee5bd3ac4b867cf014cdedN.exe
.exe windows:4 windows x86 arch:x86

4e8b54190cc0243720a8a33003af8cf5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

QueryServiceConfigA
GetExplicitEntriesFromAclW
OpenProcessToken
GetAuditedPermissionsFromAclA
ObjectDeleteAuditAlarmW
IsValidSid
GetKernelObjectSecurity
RegDeleteKeyA
GetTokenInformation
RegSetValueExW
CloseEventLog
ChangeServiceConfig2W
SetEntriesInAclW
OpenEventLogA
LogonUserA
GetUserNameA
LsaSetInformationPolicy
SetServiceStatus
BackupEventLogA
BuildExplicitAccessWithNameW
RegQueryMultipleValuesA
LsaAddAccountRights
MakeAbsoluteSD
MakeSelfRelativeSD
AllocateAndInitializeSid
LookupAccountNameW
ReportEventW
GetSecurityDescriptorSacl
AccessCheckAndAuditAlarmA
SetServiceObjectSecurity
GetTrusteeNameW
ImpersonateSelf
OpenServiceA
RegFlushKey
GetServiceKeyNameA
LsaDeleteTrustedDomain
ChangeServiceConfig2A

clusapi

SetClusterName
CloseCluster
ClusterGroupControl
OpenCluster
ClusterNetworkEnum
GetClusterNodeKey
ClusterNodeControl
CloseClusterNode

gdi32

CreatePatternBrush
GetFontLanguageInfo

user32

GetDC
CreateDialogParamA
GetClipboardViewer
CountClipboardFormats
GetWindowTextA
UnregisterHotKey
DrawCaption
DrawAnimatedRects
GetDialogBaseUnits

oleaut32

SafeArrayUnlock
SafeArrayUnaccessData
VarDateFromI2
QueryPathOfRegTypeLi
VarR4FromStr
VarCyFromUI2
LoadTypeLibEx
BstrFromVector

resutils

ResUtilGetProperty
ResUtilEnumPrivateProperties
ResUtilGetPrivateProperties
ResUtilFreeParameterBlock
ResUtilVerifyService
ResUtilSetSzValue
ResUtilVerifyPropertyTable
ResUtilResourcesEqual
ResUtilGetMultiSzProperty
ResUtilSetPropertyTable
ResUtilGetBinaryValue
ResUtilEnumResources
ResUtilPropertyListFromParameterBlock
ResUtilGetSzProperty
ResUtilStopService
ResUtilVerifyResourceService

setupapi

SetupDiDeleteDevRegKey
SetupInstallFromInfSectionW
SetupQueueCopySectionW
SetupDiCancelDriverInfoSearch
SetupPromptForDiskA
SetupRemoveInstallSectionFromDiskSpaceListW
SetupInstallServicesFromInfSectionW
SetupDiGetHwProfileFriendlyNameExA
SetupRemoveFileLogEntryW
SetupGetLineByIndexA
SetupDiGetDriverInstallParamsA
SetupDiClassGuidsFromNameA
SetupTermDefaultQueueCallback
SetupDiGetClassDevPropertySheetsW
SetupLogErrorA
SetupAddToSourceListW
SetupDiGetHwProfileListExA
SetupLogErrorW
SetupDiInstallDriverFiles
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInterfaceDetailA
SetupQueueDeleteW
SetupDiSetDeviceRegistryPropertyW
SetupDiSetSelectedDriverA
SetupAdjustDiskSpaceListA
SetupDiLoadClassIcon
SetupCommitFileQueueA
SetupGetMultiSzFieldA
SetupCopyErrorA
SetupDiOpenDeviceInfoA
SetupDiGetActualSectionToInstallW
SetupDiEnumDeviceInfo
SetupGetInfInformationW
SetupDiChangeState
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupInstallFromInfSectionA
SetupQueueRenameA
SetupScanFileQueueA
SetupDiGetClassInstallParamsA
SetupOpenAppendInfFileW
SetupGetFileCompressionInfoW
SetupDiGetClassImageListExW
SetupQueueDeleteSectionA
SetupLogFileW
SetupDiSetDeviceInstallParamsA
SetupDiGetDeviceInstallParamsW
SetupGetInfFileListA
SetupSetSourceListA
SetupCreateDiskSpaceListA
SetupGetLineCountA
SetupDiOpenDeviceInterfaceW
SetupPromptReboot
SetupQueryDrivesInDiskSpaceListW
SetupQueueDeleteA
SetupDiGetDeviceInterfaceAlias
SetupSetDirectoryIdW
SetupDiSelectBestCompatDrv
SetupDiRemoveDevice
SetupDiUnremoveDevice
SetupInstallFileExW
SetupDiSelectOEMDrv
SetupDefaultQueueCallbackA
SetupDiGetClassImageListExA
SetupDecompressOrCopyFileA
SetupDiCreateDevRegKeyA
SetupDiGetSelectedDevice
SetupGetSourceFileLocationA

comctl32

DrawStatusTextW
ImageList_GetDragImage
ord16
FlatSB_GetScrollProp
ImageList_DragEnter
ImageList_BeginDrag
ImageList_DragLeave
ImageList_Destroy
FlatSB_GetScrollRange
ImageList_SetOverlayImage
ImageList_Create

imm32

ImmGetIMEFileNameA

wininet

GopherFindFirstFileW
GopherGetAttributeA
HttpAddRequestHeadersW
InternetTimeToSystemTime
InternetGetConnectedState
InternetGetCookieA
InternetGetLastResponseInfoW
FtpRenameFileW
FtpRenameFileA
SetUrlCacheEntryInfoW
HttpEndRequestA
GopherOpenFileA
InternetCloseHandle
RetrieveUrlCacheEntryStreamA
InternetCheckConnectionA
FindFirstUrlCacheEntryA
GetUrlCacheEntryInfoExA
CommitUrlCacheEntryW
InternetQueryOptionA
InternetLockRequestFile
CommitUrlCacheEntryA
FtpFindFirstFileA
HttpOpenRequestA
CreateUrlCacheEntryW
InternetFindNextFileA
InternetWriteFile
RetrieveUrlCacheEntryFileA
InternetCrackUrlA
FindFirstUrlCacheEntryExW

shell32

SHBrowseForFolderA

urlmon

CoInternetCompareUrl
HlinkGoForward
CoInternetGetProtocolFlags
SetSoftwareUpdateAdvertisementState
CreateURLMoniker
URLOpenPullStreamW
FindMediaType
URLDownloadToCacheFileW

ole32

CoDisconnectObject
CoRevokeMallocSpy
CoCreateGuid
CoLockObjectExternal
OleQueryCreateFromData
OleMetafilePictFromIconAndLabel
StgOpenStorage
CoMarshalInterface
CoFreeAllLibraries

msvcrt

_controlfp
__set_app_type
__p__fmode
exit
_XcptFilter
_exit
__getmainargs
_adjust_fdiv
__setusermatherr
_acmdln
_initterm
__p__commode
_except_handler3

winmm

mciGetErrorStringA
timeBeginPeriod
waveInGetDevCapsA
mixerMessage

rasapi32

RasGetConnectStatusA
RasGetEntryDialParamsW

kernel32

GetConsoleOutputCP
GetStartupInfoA
GetCPInfo
GetModuleHandleA

comdlg32

FindTextA
PrintDlgA
ChooseFontA

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdataw�
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e8b54190cc0243720a8a33003af8cf5

Headers

File Characteristics

Imports

advapi32

clusapi

gdi32

user32

oleaut32

resutils

setupapi

comctl32

imm32

wininet

shell32

urlmon

ole32

msvcrt

winmm

rasapi32

kernel32

comdlg32

Sections

.text Size: 96KB - Virtual size: 92KB

.rdataw� Size: 8KB - Virtual size: 7KB

.data Size: 20KB - Virtual size: 113KB

.rsrc Size: 4KB - Virtual size: 968B

.text
Size: 96KB - Virtual size: 92KB

.rdataw�
Size: 8KB - Virtual size: 7KB

.data
Size: 20KB - Virtual size: 113KB

.rsrc
Size: 4KB - Virtual size: 968B