d515f35ccbb023e295b867f09f99429740ad8f25143f6147b9734e35bd63e21dN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

d515f35ccbb023e295b867f09f99429740ad8f25143f6147b9734e35bd63e21dN.exe
Size

121KB
MD5

b1a61eebc4c589e1e1e6c8f072db3b60
SHA1

68f60fd2dacd9385e69edb2aeb501064cee43d47
SHA256

d515f35ccbb023e295b867f09f99429740ad8f25143f6147b9734e35bd63e21d
SHA512

f93d6d83ef9573d50c95f506e60b1f949535fcb89f09ed2059fe5bca0dc7bba227f73ea6058f671bd848579151a7a495fd5af58ce0a84e115fd6de8bfddfe759
SSDEEP

3072:DxGX7p33ODAAvGa39o3kYQe/bqaoHVrhp/eT4iT9oB1:I9+Aa3yhTCnp/lips

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d515f35ccbb023e295b867f09f99429740ad8f25143f6147b9734e35bd63e21dN.exe

Files

d515f35ccbb023e295b867f09f99429740ad8f25143f6147b9734e35bd63e21dN.exe
.exe windows:5 windows x86 arch:x86

aef979d3ba0964d90557328fbda54a9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

OSQL.pdb

Imports

kernel32

lstrlenW
GetEnvironmentVariableW
GetVersionExA
GetStdHandle
MultiByteToWideChar
GlobalLock
GlobalAlloc
GetModuleFileNameW
SetLastError
CloseHandle
GetFileType
CreateFileW
GlobalFree
LocalFree
FormatMessageW
GetLastError
ExitProcess
WideCharToMultiByte
SetConsoleMode
GetConsoleMode
Sleep
GetConsoleScreenBufferInfo
GetComputerNameW
GlobalUnlock
GetCommandLineW
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetConsoleCtrlHandler
GetUserDefaultUILanguage
GetFullPathNameW
FindFirstFileW
FindClose
FreeLibrary
LoadLibraryW
GetProcAddress
InterlockedCompareExchange
InterlockedExchange
WriteFile

msvcr80

wcstok
_wtoi
iswctype
_wcsnicmp
fwrite
fread
_wfopen
fopen
fclose
_setmode
_fileno
rewind
wprintf
_dup2
fwprintf
wcschr
wcsstr
fputwc
vfwprintf
memcpy
_errno
fputws
fgetws
_fputwchar
clock
_fdopen
_wgetenv
_wtol
_setmbcp
_wsetlocale
_dup
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
free
malloc
fflush
__iob_func
memmove
memset
wcsncpy
_wcsicmp
_time64
wcstol
realloc

user32

LoadStringA
LoadStringW

odbc32

ord135
ord9
ord155
ord139
ord31
ord111
ord72
ord16
ord61
ord138
ord20
ord64
ord176
ord141
ord150
ord75
ord24
ord132
ord110
ord13
ord43
ord5
ord127
ord108
ord136

advapi32

LsaNtStatusToWinError

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aef979d3ba0964d90557328fbda54a9f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr80

user32

odbc32

advapi32

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 80KB - Virtual size: 80KB