872d7a72f41cf5c16f29fad7820b0770b1b5bedf4c115380b2917b1b6ff00739N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

872d7a72f41cf5c16f29fad7820b0770b1b5bedf4c115380b2917b1b6ff00739N.exe
Size

275KB
MD5

b33e643156f5e71468fe341eec569480
SHA1

d998a4178a64757e5e7256164546d800a552d1d3
SHA256

872d7a72f41cf5c16f29fad7820b0770b1b5bedf4c115380b2917b1b6ff00739
SHA512

16af59af74a644973377bc811e1985e162011cf257158157c543179d38b4e528ea890fd3b03f6050162fdb4c580aeaf48d2b6a1e33b952758ae464819770f586
SSDEEP

6144:l2J9n/ekxcnYvkGc9plVQYsvkk2EOqpJjSsTS:l2JUcX8LvVQY8kk2EO+d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
872d7a72f41cf5c16f29fad7820b0770b1b5bedf4c115380b2917b1b6ff00739N.exe

Files

872d7a72f41cf5c16f29fad7820b0770b1b5bedf4c115380b2917b1b6ff00739N.exe
.exe windows:4 windows x86 arch:x86

2c59df6083165220959cf80ab831c667

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
CharPrevExA
CharUpperBuffW
CharNextExA

advapi32

AddAccessDeniedAce
SetThreadToken
AddAccessAllowedAce
DeregisterEventSource
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterTraceGuidsA
RegCreateKeyExW
FreeSid
RegQueryValueExW
InitializeSecurityDescriptor
GetLengthSid
OpenSCManagerW
OpenServiceW
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerExW
GetTraceEnableFlags
DuplicateToken
LookupAccountSidA
GetTraceEnableLevel
InitializeAcl
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
UnregisterTraceGuids
GetTokenInformation
DuplicateTokenEx
RegisterEventSourceW
StartServiceCtrlDispatcherW
GetTraceLoggerHandle
TraceMessage
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
AllocateAndInitializeSid
SetServiceStatus

rpcrt4

RpcServerUseProtseqEpA
NdrServerCall2
RpcMgmtStopServerListening
RpcServerListen
RpcServerUnregisterIf
RpcServerRegisterAuthInfoA
RpcServerRegisterIf

kernel32

CreateMutexW
UnregisterWaitEx
VirtualAlloc
HeapFree
GetVolumeInformationW
QueryPerformanceFrequency
LCMapStringA
CreateSemaphoreW
HeapDestroy
RaiseException
GetConsoleOutputCP
GlobalFree
ReleaseSemaphore
SetHandleCount
FreeEnvironmentStringsA
CreateEventW
ResetEvent
SystemTimeToFileTime
HeapAlloc
QueueUserWorkItem
GetVolumePathNamesForVolumeNameW
DeleteTimerQueueTimer
CreateFileMappingA
GetProcessHeap
UnlockFile
GetCurrentThreadId
CreateMutexA
RegisterWaitForSingleObject
CreateFileMappingW
UnhandledExceptionFilter
TlsFree
IsValidLocale
GetOEMCP
WideCharToMultiByte
MapViewOfFile
GetUserDefaultLCID
DeleteCriticalSection
GetTempFileNameW
CreateEventA
HeapReAlloc
OpenMutexA
IsValidCodePage
GetCommandLineA
GetPriorityClass
SetEndOfFile
CreateFileW
OpenProcess
CreateTimerQueueTimer
TlsAlloc
GetSystemTime
FreeEnvironmentStringsW
UnregisterWait
TlsGetValue
GetConsoleCP
EnumSystemLocalesA
CreateIoCompletionPort
MoveFileW
UnmapViewOfFile
DeleteTimerQueueEx
GetFileType
GetThreadPriority
GetShortPathNameA
ExpandEnvironmentStringsW
GetDriveTypeW
LoadLibraryExA
GetStdHandle
FlushFileBuffers
GetFileSizeEx
SetThreadPriority
GetSystemTimeAsFileTime
CreateProcessW
CreateFileA
FreeLibrary
GlobalMemoryStatusEx
DeleteFileW
LCMapStringW
GetComputerNameW
WriteConsoleA
GetConsoleMode
SetFilePointer
EnterCriticalSection
CloseHandle
ReleaseMutex
LeaveCriticalSection
IsDebuggerPresent
GetFileSize
HeapSize
VirtualFree
LocalFree
WaitForMultipleObjects
CompareStringW
CopyFileW
LockFileEx
GetModuleHandleA
CreateTimerQueue
GlobalAlloc
RtlUnwind
GetComputerNameA
SetFilePointerEx
CreateDirectoryW
WaitForSingleObject
GetACP
SetLastError
CreateThread
SetStdHandle
TlsSetValue
OpenEventA
GetLocalTime
WriteConsoleW
SetUnhandledExceptionFilter
GetQueuedCompletionStatus
GetSystemInfo
WriteFile
SetPriorityClass
PostQueuedCompletionStatus
SetErrorMode
ReadFile
CompareStringA
GetStartupInfoW
VirtualAllocEx

rtm

RtmCloseEnumerationHandle
RtmGetFirstRoute
RtmGetListEnumRoutes
RtmReleaseNextHopInfo
MgmGetMfe
RtmUpdateAndUnlockRoute
InsertIntoTable
RtmReleaseDests
RtmReadInstanceConfig
DumpTable
MgmReleaseInterfaceOwnership
MgmGetNextMfe
RtmReleaseRoutes

qedit

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c59df6083165220959cf80ab831c667

Headers

File Characteristics

Imports

user32

advapi32

rpcrt4

kernel32

rtm

qedit

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 240KB - Virtual size: 558KB

.rsrc Size: 4KB - Virtual size: 16KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 240KB - Virtual size: 558KB

.rsrc
Size: 4KB - Virtual size: 16KB