fe3979ba64d2dc1ce4797d93304e9857570eb46675a9bb497cf54dc822545823N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

fe3979ba64d2dc1ce4797d93304e9857570eb46675a9bb497cf54dc822545823N.exe
Size

260KB
MD5

374c7cd1f5239ab5097665b46573efe0
SHA1

3dbd7e0df6d542d41784facc3b526cd67713c7fe
SHA256

fe3979ba64d2dc1ce4797d93304e9857570eb46675a9bb497cf54dc822545823
SHA512

8b2a3b40719d10ac28363b9a573a3a02f8911c79b49ef224ad9bea8dbc6d681b986be89f58e684bcc1bb7f346ac4706dbb7361ec57806d4360036bb5a97d31b0
SSDEEP

6144:Wig0jtJWzoFoAdRa3xF8/8BAN1S+kpmMLE1HP8Me:WOJQkosA37ZB2vMLE1HP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe3979ba64d2dc1ce4797d93304e9857570eb46675a9bb497cf54dc822545823N.exe

Files

fe3979ba64d2dc1ce4797d93304e9857570eb46675a9bb497cf54dc822545823N.exe
.exe .ps1 windows:5 windows x86 arch:x86 polyglot

0620399d6daf7be3c922bf8c5cdc8f67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocString
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
VariantInit
VariantClear
UnRegisterTypeLi
SysFreeString
VarBstrCmp

ole32

CoRegisterClassObject
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
StringFromGUID2

advapi32

InitializeSecurityDescriptor
RegOpenKeyExA
StartServiceCtrlDispatcherA
CryptReleaseContext
CreateServiceA
CryptDestroyKey
CloseServiceHandle
CryptGetProvParam
RegQueryValueExA
CryptGetHashParam
CryptCreateHash
CryptHashData
RegCloseKey
OpenSCManagerA
CryptDecrypt
RegEnumKeyExA
RegQueryInfoKeyA
OpenServiceA
RegisterServiceCtrlHandlerA
CryptDeriveKey
RegDeleteValueA
RegCreateKeyExA
ControlService
DeleteService
CryptAcquireContextA
RegDeleteKeyA
CryptDestroyHash
RegSetValueExA
SetServiceStatus
SetSecurityDescriptorDacl

shlwapi

PathFindExtensionA

user32

PostQuitMessage
DispatchMessageA
MsgWaitForMultipleObjects
DefWindowProcA
MessageBoxA
TranslateMessage
CreateWindowExA
PeekMessageA
CharUpperBuffA
LoadStringA
PostThreadMessageA
GetMessageA
CharNextA
RegisterClassExA
CharUpperA

kernel32

ResetEvent
SetEndOfFile
CreateEventA
MapViewOfFile
WideCharToMultiByte
lstrcpyA
OpenFileMappingA
IsDBCSLeadByte
ReadFile
lstrcpynA
GetLocalTime
OutputDebugStringA
WaitForMultipleObjects
SetFilePointer
TerminateThread
LoadResource
lstrcatA
DeleteCriticalSection
EnterCriticalSection
FindResourceA
CreateThread
CreateSemaphoreA
GetExitCodeThread
ReleaseSemaphore
SetThreadPriority
CreateFileA
LeaveCriticalSection
OpenEventA
LoadLibraryExA
WaitForSingleObject
GetModuleHandleA
OpenSemaphoreA
lstrcmpiA
CloseHandle
GetCommandLineA
UnmapViewOfFile
GetSystemTimeAsFileTime
CreateFileMappingA
lstrlenW
lstrlenA
GetFileSize
GetThreadLocale
SizeofResource
WriteFile
FreeLibrary
ReleaseMutex
GetACP
CreateMutexA
RaiseException
GetCurrentThreadId
LoadLibraryA
VirtualAllocEx

winspool.drv

OpenPrinterA
AddJobA
AddPrintProvidorW
EnumPrinterDriversA
EnumPrinterKeyA
EnumPrintProcessorsA
DeleteFormW
AddPrinterW
CreatePrinterIC
PrinterProperties
DeviceCapabilities
DeviceCapabilitiesA
EnumFormsA
ExtDeviceMode
EXTDEVICEMODE
EnumPrintProcessorDatatypesA
SetFormA
EndPagePrinter
DeviceCapabilitiesW
ConfigurePortA
EnumPrintProcessorsW
AddFormA
DeletePrinterDataW
DeletePrinterDataA
WritePrinter

rnr20

NSPStartup

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ZNkIU
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cpWPvNL
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EbhUZa
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TLaJep
Size: 1024B - Virtual size: 517B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SZTYN
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sqPQY
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ImHXZ
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UkkxOy
Size: 106KB - Virtual size: 627KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 110KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dImqo
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QXWjAtK
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LBqdWq
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0620399d6daf7be3c922bf8c5cdc8f67

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

ole32

advapi32

shlwapi

user32

kernel32

winspool.drv

rnr20

Sections

.text Size: 17KB - Virtual size: 17KB

.ZNkIU Size: 3KB - Virtual size: 2KB

.cpWPvNL Size: 3KB - Virtual size: 2KB

.EbhUZa Size: 1024B - Virtual size: 728B

.TLaJep Size: 1024B - Virtual size: 517B

.rdata Size: 4KB - Virtual size: 3KB

.SZTYN Size: 1KB - Virtual size: 1KB

.sqPQY Size: 3KB - Virtual size: 2KB

.ImHXZ Size: 1024B - Virtual size: 756B

.UkkxOy Size: 106KB - Virtual size: 627KB

.data Size: 110KB - Virtual size: 1.4MB

.rsrc Size: 3KB - Virtual size: 2KB

.dImqo Size: 2KB - Virtual size: 1KB

.QXWjAtK Size: 1KB - Virtual size: 1KB

.LBqdWq Size: 1KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 17KB

.ZNkIU
Size: 3KB - Virtual size: 2KB

.cpWPvNL
Size: 3KB - Virtual size: 2KB

.EbhUZa
Size: 1024B - Virtual size: 728B

.TLaJep
Size: 1024B - Virtual size: 517B

.rdata
Size: 4KB - Virtual size: 3KB

.SZTYN
Size: 1KB - Virtual size: 1KB

.sqPQY
Size: 3KB - Virtual size: 2KB

.ImHXZ
Size: 1024B - Virtual size: 756B

.UkkxOy
Size: 106KB - Virtual size: 627KB

.data
Size: 110KB - Virtual size: 1.4MB

.rsrc
Size: 3KB - Virtual size: 2KB

.dImqo
Size: 2KB - Virtual size: 1KB

.QXWjAtK
Size: 1KB - Virtual size: 1KB

.LBqdWq
Size: 1KB - Virtual size: 1KB