cd5fb931ce270ebec45d49a842a0427e5c6e837b9e35119880ff7caa95002a9fN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

cd5fb931ce270ebec45d49a842a0427e5c6e837b9e35119880ff7caa95002a9fN.exe
Size

248KB
MD5

83d98a6cd986e6b33ff55f52b79d3080
SHA1

ee8d6e58d27211c1c803e65f66307f85323bcdcc
SHA256

cd5fb931ce270ebec45d49a842a0427e5c6e837b9e35119880ff7caa95002a9f
SHA512

bf951003f45a2ddebf5a4d4295a85f4b13eeeef91d6d0e02bc579b6fc4da2140483c1183c65b447e31f180879a2e22d6ff64a6172650aaa54396dd7cb0b6afd3
SSDEEP

3072:rmsDm4U1esoRoNRkLUzQwF9qhnfNc5MOt8MaqHE8KXzOKSNzV9brTzTnxIH38MQj:rmgm4KoRIRkGQ4sxMMlMJ5tWHsLZOzov

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd5fb931ce270ebec45d49a842a0427e5c6e837b9e35119880ff7caa95002a9fN.exe

Files

cd5fb931ce270ebec45d49a842a0427e5c6e837b9e35119880ff7caa95002a9fN.exe
.exe windows:4 windows x86 arch:x86

a0461669f8f39e4d7bc9ab4f70913b8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

Netbios

wsock32

ntohl
listen
accept
htons
bind
inet_addr
ntohs
send
recv
socket
WSAGetLastError
setsockopt
sendto
select
recvfrom
closesocket
WSAStartup
WSACleanup
htonl

comctl32

ord17
ord6

kernel32

SetFilePointer
CreateFileA
WaitForSingleObject
GetModuleFileNameA
GetLocalTime
MoveFileA
GetLastError
DeleteFileA
GetFileSize
GetPrivateProfileStringA
WinExec
GlobalAddAtomA
GlobalDeleteAtom
GlobalFindAtomA
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryA
OutputDebugStringA
GetModuleHandleA
Beep
CreateEventA
GetTickCount
InterlockedIncrement
InterlockedDecrement
VirtualFree
WaitForMultipleObjects
VirtualAlloc
GetComputerNameA
GetPrivateProfileIntA
lstrcmpA
InterlockedExchange
ResetEvent
CreateThread
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenA
CreateFileMappingA
lstrcpynA
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
ReadFile
MultiByteToWideChar
HeapReAlloc
HeapCreate
HeapDestroy
RaiseException
GetStdHandle
GetOEMCP
GetACP
GetCPInfo
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WriteFile
GetStartupInfoA
GetProcessHeap
GetCommandLineA
RtlUnwind
GetFileAttributesA
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
ExitProcess
GetCurrentThreadId
ReleaseMutex
lstrcatA
CreateMutexA
MapViewOfFile
lstrcpyA
SetEvent
Sleep
UnmapViewOfFile
OpenEventA
OpenFileMappingA
CloseHandle
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetVersionExA

user32

LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassExA
PostQuitMessage
DrawTextA
DefWindowProcA
DestroyWindow
FindWindowA
DialogBoxParamA
PostMessageA
IsIconic
BeginPaint
GetSystemMetrics
GetClientRect
DrawIcon
EndPaint
SetTimer
KillTimer
EndDialog
UpdateWindow
LoadCursorA
SetCursor
GetCursorPos
SetForegroundWindow
LoadMenuA
GetSubMenu
EnableMenuItem
TrackPopupMenu
DestroyMenu
ShowWindow
EnableWindow
SetFocus
LoadIconA
wsprintfA
LoadImageA
LoadStringA
GetDlgItem
SetWindowTextA
SendMessageA
MessageBoxA
CreateWindowExA

gdi32

DeleteObject

advapi32

OpenSCManagerA
RegisterEventSourceA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
DeregisterEventSource
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
ChangeServiceConfigA
StartServiceA
ControlService
QueryServiceStatus
CreateServiceA
OpenServiceA
CloseServiceHandle
DeleteService
ReportEventA

shell32

Shell_NotifyIconA

hid

HidD_GetHidGuid
HidD_FreePreparsedData
HidP_GetCaps
HidD_GetPreparsedData
HidD_SetFeature
HidD_GetFeature
HidD_GetSerialNumberString
HidD_GetProductString
HidD_GetAttributes
HidD_FlushQueue

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList

Exports

Exports

_Rockey@36

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a0461669f8f39e4d7bc9ab4f70913b8c

Headers

File Characteristics

Imports

netapi32

wsock32

comctl32

kernel32

user32

gdi32

advapi32

shell32

hid

setupapi

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 12KB - Virtual size: 58KB

.rsrc Size: 108KB - Virtual size: 108KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 12KB - Virtual size: 58KB

.rsrc
Size: 108KB - Virtual size: 108KB