c85d31aa34ce7dc2071d63f21ccf1235a945a28a9657f91692c950b3b20662f4N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

c85d31aa34ce7dc2071d63f21ccf1235a945a28a9657f91692c950b3b20662f4N.exe
Size

6.5MB
MD5

d2e9239b464b78e9810f9ed2a5635d50
SHA1

578c55058c64b7358fb6e18de3daa3f34c1ab55b
SHA256

c85d31aa34ce7dc2071d63f21ccf1235a945a28a9657f91692c950b3b20662f4
SHA512

e8fa5a14f34c3482bccd10febd146e59d45eae27d3ac7f7b9bcabc3b00f3be7d57d75f5754637f33289a92eb23ef11f268d5c7cc3bbee0004b91c590cbfe10e8
SSDEEP

98304:xA/49G+5QTApMxlbn5IKbVflIdtKPLMLbzPSsUyrOpsDrGMp54:J9GscXxlNZ9e8PLM27NpIrxpa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c85d31aa34ce7dc2071d63f21ccf1235a945a28a9657f91692c950b3b20662f4N.exe

Files

c85d31aa34ce7dc2071d63f21ccf1235a945a28a9657f91692c950b3b20662f4N.exe
.dll windows:6 windows x86 arch:x86

fa416a713109ba9fdc7caa7189d56883

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
CloseHandle
FlushFileBuffers
GetACP
IsValidCodePage
LoadLibraryExW
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
OutputDebugStringW
SetStdHandle
WriteConsoleW
ReadConsoleW
CreateFileW
SetEndOfFile
FindFirstFileW
LockResource
GetThreadPriority
GetTempPathW
GetTempFileNameW
HeapCreate
GetPrivateProfileStringW
GetOEMCP
CreateDirectoryW
WriteFile
GetFileType
GetStdHandle
HeapSize
GetProcessHeap
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
GetLastError
HeapFree
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent

user32

MessageBoxA
GetSystemMetrics
IsIconic
KillTimer
GetParent
CreateMenu
SetScrollRange
WaitMessage
PostMessageW
CheckDlgButton
IsDlgButtonChecked
AppendMenuA
CheckRadioButton
RegisterClassW
SetWindowTextW
SetMenuItemInfoW
SetScrollInfo
GetMessageTime
ShowOwnedPopups
MsgWaitForMultipleObjects
GetDC
GetDesktopWindow
GetDlgItemTextW
GetClassNameW

gdi32

LineTo
GetCharacterPlacementW
CreateFontIndirectA
DeleteObject
CreateCompatibleBitmap
CreateBrushIndirect
SaveDC
RealizePalette
GetTextExtentExPointA
CreateRectRgn
ExtTextOutA
CreateRectRgnIndirect
UpdateColors
PatBlt

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegQueryInfoKeyW
GetUserNameA

shell32

SHGetFileInfoW
Shell_NotifyIconW

oleaut32

VariantChangeType
SafeArrayGetLBound

Exports

Exports

?__bzwsve@@YAGXZ
?__ggklyhylfmmz@@YAHXZ
?__gumgf@@YAHXZ
?__jpkasswfr@@YAHXZ
?__mtfjzyfowtlo@@YAFXZ
?__pycbq@@YAFXZ
?__wzgcsvxc@@YA_KXZ
?__xdbhev@@YAIXZ
?__xqvlph@@YA_WXZ

Sections

.text
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.roxdp
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ctwbqu
Size: 512B - Virtual size: 43B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5.9MB - Virtual size: 95.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.roxdp
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ctwbqu
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa416a713109ba9fdc7caa7189d56883

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 468KB - Virtual size: 467KB

.roxdp Size: 512B - Virtual size: 32B

.ctwbqu Size: 512B - Virtual size: 43B

.data Size: 5.9MB - Virtual size: 95.6MB

.idata Size: 3KB - Virtual size: 3KB

.roxdp Size: 512B - Virtual size: 278B

.ctwbqu Size: 2KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 468KB - Virtual size: 467KB

.roxdp
Size: 512B - Virtual size: 32B

.ctwbqu
Size: 512B - Virtual size: 43B

.data
Size: 5.9MB - Virtual size: 95.6MB

.idata
Size: 3KB - Virtual size: 3KB

.roxdp
Size: 512B - Virtual size: 278B

.ctwbqu
Size: 2KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB