a04cb41942f109a6c6fdaa3a328bda0b6bb839c89dad953892f37d71a15bc52eN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a04cb41942f109a6c6fdaa3a328bda0b6bb839c89dad953892f37d71a15bc52eN.exe
Size

4.0MB
MD5

30d52612851207691a98c511b1738180
SHA1

f55d7f432efc599520589819f5a4e7a8e82817f8
SHA256

a04cb41942f109a6c6fdaa3a328bda0b6bb839c89dad953892f37d71a15bc52e
SHA512

56a4c090ee1a8b84210725e096eba9f69d3a320b88faa13fc4fcaeb6aeef192e8e7b1c0a8c5a7d084b8930f311f3a50d2de2e80f6b46539fef6ed705626fd1de
SSDEEP

49152:s1GtQfUZ53MQD7typ+VeQWwbM7FDC/exKyzKC8aJBVE2+ofHTr8u3lpiyKg/w/1a:EtCtD7tN4KyuC53+2+ofh/w9m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a04cb41942f109a6c6fdaa3a328bda0b6bb839c89dad953892f37d71a15bc52eN.exe

Files

a04cb41942f109a6c6fdaa3a328bda0b6bb839c89dad953892f37d71a15bc52eN.exe
.exe windows:5 windows x86 arch:x86

52d6367a47f23e19cf705f3c443a048b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\UGit\crash_report\bin\rail_crash_sender.pdb

Imports

ws2_32

htons
setsockopt
send
recv
WSAGetLastError
connect
WSACleanup
WSAStartup
ntohs
getsockname
getpeername
WSASetLastError
closesocket
shutdown
bind
__WSAFDIsSet
ioctlsocket
freeaddrinfo
inet_ntoa
getservbyname
gethostbyname
getaddrinfo
sendto
recvfrom
listen
accept
getsockopt
ntohl
socket
gethostname
WSAIoctl
select
htonl
inet_addr

shell32

SHFileOperationW
SHGetFileInfoW
CommandLineToArgvW
ExtractIconW
SHGetSpecialFolderPathW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessMemoryInfo

user32

GetDC
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
UnregisterClassW
GetGuiResources
ReleaseDC

advapi32

ReportEventA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegCloseKey
DeregisterEventSource
RegOpenKeyExW
RegisterEventSourceA
RegQueryValueExW

wldap32

ord26
ord27
ord41
ord79
ord211
ord46
ord301
ord22
ord200
ord60
ord143
ord50
ord30
ord35
ord33
ord32

normaliz

IdnToAscii
IdnToUnicode

gdi32

DeleteObject
GetDeviceCaps
GetDIBits
CreateCompatibleBitmap
GetObjectA

kernel32

FreeEnvironmentStringsW
RtlCaptureStackBackTrace
GenerateConsoleCtrlEvent
SetFilePointer
GetEnvironmentStringsW
GetLocalTime
GetVersionExA
GetCommandLineA
GetOEMCP
Process32First
IsValidCodePage
Process32Next
FindFirstFileExA
GetProcessHeap
HeapSize
CreatePipe
GetExitCodeProcess
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetACP
HeapReAlloc
MoveFileExW
GetCurrentDirectoryW
GetCurrentDirectoryA
Module32First
SetCurrentDirectoryW
SetCurrentDirectoryA
SetEnvironmentVariableW
SetEnvironmentVariableA
GetFullPathNameA
GetFullPathNameW
HeapFree
HeapAlloc
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ResumeThread
ExitThread
ExitProcess
SetConsoleCtrlHandler
WriteConsoleW
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
CreateProcessA
GetDriveTypeW
RtlUnwind
WaitForMultipleObjectsEx
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
CreateDirectoryA
CreateFileA
DeleteFileA
GetFileAttributesA
SetProcessAffinityMask
GetFileSize
LockFile
WideCharToMultiByte
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
CloseHandle
LockFileEx
ResetEvent
LeaveCriticalSection
SetEvent
WaitForSingleObject
MultiByteToWideChar
CreateFileW
GetFileSizeEx
FindFirstFileW
GetFileTime
FindNextFileW
FindClose
OpenProcess
ReadProcessMemory
LoadLibraryW
GetProcAddress
FreeLibrary
GetProcessTimes
FileTimeToSystemTime
GetSystemTime
GetFileAttributesW
GetCurrentThreadId
GetCommandLineW
CreateThread
GetCurrentProcess
CopyFileW
ReadFile
WriteFile
SystemTimeToFileTime
CreateProcessW
GetFileInformationByHandle
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
TerminateProcess
DeleteFileW
RemoveDirectoryW
TerminateThread
Sleep
GetTickCount
RaiseException
DecodePointer
OutputDebugStringA
CreateDirectoryW
WritePrivateProfileStringW
GetModuleHandleExW
GetModuleFileNameW
GetTempPathW
GetPrivateProfileStringW
FormatMessageW
GetFileAttributesExW
GlobalAlloc
GlobalFree
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
TryEnterCriticalSection
CreateMutexA
ReleaseMutex
OpenFileMappingW
UnmapViewOfFile
GetSystemInfo
CreateFileMappingW
MapViewOfFile
GetConsoleScreenBufferInfo
VirtualProtect
GetStdHandle
InitializeCriticalSection
GetTempPathA
GetWindowsDirectoryA
GetComputerNameA
GetSystemTimeAsFileTime
GetModuleHandleA
GetFileType
SetLastError
FormatMessageA
SleepEx
VerifyVersionInfoA
GetSystemDirectoryA
LoadLibraryA
VerSetConditionMask
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
FindFirstFileA
FindNextFileA
GlobalMemoryStatus
QueryPerformanceCounter
FlushConsoleInputBuffer
TzSpecificLocalTimeToSystemTime
SetFileTime
CopyFileA
UnlockFileEx
VirtualFree
VirtualAlloc
EnterCriticalSection
SetConsoleTextAttribute
GetVersionExW
IsDebuggerPresent
OutputDebugStringW
QueryPerformanceFrequency
FindFirstFileExW
GetDiskFreeSpaceExW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
CreateHardLinkW
AreFileApisANSI
GetStringTypeW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
UnlockFile

ole32

CoUninitialize
CoCreateGuid
CoInitialize
CoCreateInstance

shlwapi

PathFileExistsW

iphlpapi

GetAdaptersInfo

winmm

timeBeginPeriod
timeKillEvent
timeGetDevCaps
timeSetEvent

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 661KB - Virtual size: 661KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 293KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

52d6367a47f23e19cf705f3c443a048b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

shell32

version

psapi

user32

advapi32

wldap32

normaliz

gdi32

kernel32

ole32

shlwapi

iphlpapi

winmm

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 661KB - Virtual size: 661KB

.data Size: 293KB - Virtual size: 382KB

.gfids Size: 6KB - Virtual size: 5KB

.rsrc Size: 183KB - Virtual size: 183KB

.reloc Size: 208KB - Virtual size: 208KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 661KB - Virtual size: 661KB

.data
Size: 293KB - Virtual size: 382KB

.gfids
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 183KB - Virtual size: 183KB

.reloc
Size: 208KB - Virtual size: 208KB