b148e1f297b197270a2b86e0d59816e8034c1d2de6f70e323ca69206dc98053eN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b148e1f297b197270a2b86e0d59816e8034c1d2de6f70e323ca69206dc98053eN.exe
Size

100KB
MD5

3e0a89a9a0d3672c8b83f8b92e505600
SHA1

3d86c4522fa405ce0515ed0f6614a0ee731db225
SHA256

b148e1f297b197270a2b86e0d59816e8034c1d2de6f70e323ca69206dc98053e
SHA512

19e391593c5618196219f0b7da82cb579e74a6b15f43eceeb0cd248ad6cd66847f3167779b135bb3b01db38fdac8450a438353ee6493f3cb1b813f2e5ba45d53
SSDEEP

3072:bgris+yd148kDuWQezI2Vn21gWNSU1901e/UbQdue:bgre3DuWQeMO9Ww1e/Uze

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b148e1f297b197270a2b86e0d59816e8034c1d2de6f70e323ca69206dc98053eN.exe

Files

b148e1f297b197270a2b86e0d59816e8034c1d2de6f70e323ca69206dc98053eN.exe
.dll windows:4 windows x86 arch:x86

2b8d11e2f3f287ad4e8ba95e30e63442

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sqlwoa

_GetVersionEx@4
_FormatMessage@28
_LoadString@16

kernel32

GetSystemDefaultLangID
Sleep
DisableThreadLibraryCalls
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
GetLastError
SetEvent
FreeLibrary
GetProcAddress
FormatMessageA
LoadLibraryExA
lstrcatA
GetModuleFileNameA
LoadLibraryA
GlobalFree
GlobalAlloc
lstrlenA
GetVersionExA
LocalFree

msvcrt

wcsncpy
wcsstr
wcscpy
malloc
free
wcscmp
wcslen
_CxxThrowException
_wcsicmp
iswspace
memset
_ltow
__CxxFrameHandler
??3@YAXPAX@Z
memcmp
_purecall
strstr
strcpy
_mbsrchr
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
wcscat
_wcsnicmp

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA

user32

MessageBoxA
wsprintfA

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoCreateInstance
CoCreateInstanceEx

oleaut32

GetErrorInfo

Exports

Exports

ReplEvent
ReplStart
ReplStop

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2b8d11e2f3f287ad4e8ba95e30e63442

Headers

File Characteristics

Imports

sqlwoa

kernel32

msvcrt

advapi32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.rmnet
Size: 60KB - Virtual size: 60KB