d62278358c2a9cd35231cf891443c33783bb88eb76e07e3cb3388e060995b67c[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

d62278358c2a9cd35231cf891443c33783bb88eb76e07e3cb3388e060995b67c.exe
Size

881KB
MD5

008832d6fcd520efecf243210f44b8eb
SHA1

6afcb1976ea5138d303680bcc8d852102fcdd44c
SHA256

d62278358c2a9cd35231cf891443c33783bb88eb76e07e3cb3388e060995b67c
SHA512

064578dbc7dda5bb63f9545a2312547559767e4908fc96065a0fbea0d4937b8aece48e043bf78bf8a164e3fa9b85fca25ca43d924d82abdab8967f105ca84895
SSDEEP

24576:XyTRcTmOZv+I6XE4xOowYLHgZWJ8ncGNb:XyTCJgFNwYLHzJ8Db

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d62278358c2a9cd35231cf891443c33783bb88eb76e07e3cb3388e060995b67c.exe

Files

d62278358c2a9cd35231cf891443c33783bb88eb76e07e3cb3388e060995b67c.exe
.exe windows:6 windows x86 arch:x86

9e8e174ddb0b0f71105d942bfb9cdcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

P:\Target\x86\ship\setupexe\x-none\mmodesetup.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wintrust

WinVerifyTrust

advapi32

ConvertSidToStringSidA
SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyExW
OpenProcessToken
AllocateAndInitializeSid
CreateWellKnownSid
EqualSid
FreeSid
GetTokenInformation
IsValidSid
OpenThreadToken
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
EventRegister
EventUnregister
EventWrite
RegQueryInfoKeyW
RegGetValueW
RegEnumKeyW
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorDacl
GetLengthSid
CopySid
CheckTokenMembership
AddAccessDeniedAce
AddAccessAllowedAce
ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

SetLastError
CopyFileW
WaitForSingleObjectEx
GetCommandLineW
SetCurrentDirectoryW
GlobalFree
GetCurrentThreadId
GetFullPathNameW
GetSystemDirectoryW
MultiByteToWideChar
VerSetConditionMask
WriteFile
VerifyVersionInfoW
GetUserDefaultLCID
GetDiskFreeSpaceExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalAlloc
LocalAlloc
LocalFree
CreateFileW
SetFilePointerEx
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetTickCount
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
ReleaseMutex
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount64
RaiseFailFastException
GetFileSize
GlobalMemoryStatusEx
GetNativeSystemInfo
GetProductInfo
GetUserGeoID
GetUserDefaultUILanguage
GetSystemDefaultLCID
TerminateProcess
LCIDToLocaleName
CreateMutexA
OpenMutexA
ReadFile
GetACP
IsValidLocale
RaiseException
RtlCaptureStackBackTrace
HeapAlloc
HeapFree
GetProcessHeap
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
Sleep
IsProcessorFeaturePresent
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
LCMapStringW
InterlockedExchange
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
InitializeCriticalSection
lstrcmpW
SetFileAttributesW
RemoveDirectoryW
GetFileAttributesExW
FindNextFileW
FindFirstFileW
DeleteFileW
CreateDirectoryW
GetCurrentThread
GetCurrentProcessId
CloseHandle
ExpandEnvironmentStringsW
WideCharToMultiByte
FormatMessageW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetVersionExW
SetErrorMode
FindFirstFileExW
FindClose
CompareStringEx
IsWow64Process
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
GetFileType
LoadLibraryA
LoadResource
SizeofResource
FindResourceW
GetShortPathNameA
LocaleNameToLCID
GetUserDefaultLocaleName
GetSystemDefaultLocaleName
CompareStringW

ole32

CoCreateInstance
CoCreateGuid
CoUninitialize
CoInitializeEx

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

gdi32

CreateDCA
CreateSolidBrush
DeleteObject
DeleteDC
GetDeviceCaps

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 212KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9e8e174ddb0b0f71105d942bfb9cdcfe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

wintrust

advapi32

kernel32

ole32

oleaut32

gdi32

Sections

.text Size: 412KB - Virtual size: 411KB

.data Size: 212KB - Virtual size: 242KB

.rsrc Size: 164KB - Virtual size: 163KB

.reloc Size: 85KB - Virtual size: 88KB

.text
Size: 412KB - Virtual size: 411KB

.data
Size: 212KB - Virtual size: 242KB

.rsrc
Size: 164KB - Virtual size: 163KB

.reloc
Size: 85KB - Virtual size: 88KB