433118df41a9d107fe7e07128186fcfb7b934ffcb7a1aadb3cc02fb6900cb4d1N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

433118df41a9d107fe7e07128186fcfb7b934ffcb7a1aadb3cc02fb6900cb4d1N.exe
Size

723KB
MD5

bae1382ebc9b5bfa167c1f27a2de9a50
SHA1

fffba10e15287bab45038f2698c260bef7574674
SHA256

433118df41a9d107fe7e07128186fcfb7b934ffcb7a1aadb3cc02fb6900cb4d1
SHA512

61eeb9459add2df90bb50ba91497bdf750abcab569b8502852d4b3211d187f15b9fc8aa18b1f40e44ec5bc62ab2ebb2ffd46febe8642a7e7ad7dbcbb20ac6cba
SSDEEP

12288:9Vt+vOLEZ1kxCNYyJElzxRs0uZz5LVI7Tua9dVo4t4qM20Gq7ADHfaZZkz:9+v7kKqXTua9dVjt0CHeQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
433118df41a9d107fe7e07128186fcfb7b934ffcb7a1aadb3cc02fb6900cb4d1N.exe

Files

433118df41a9d107fe7e07128186fcfb7b934ffcb7a1aadb3cc02fb6900cb4d1N.exe
.exe windows:5 windows x86 arch:x86

66a0a60d30f6e33b7471114de29e7d94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
DuplicateToken
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
ChooseColorW

psapi

GetProcessImageFileNameW

shlwapi

PathFileExistsW
SHDeleteKeyW

kernel32

DeleteCriticalSection
Sleep
MulDiv
lstrcpyW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
OutputDebugStringA
GetTempPathW
SetPriorityClass
VerifyVersionInfoW
InterlockedDecrement
lstrlenW
GlobalReAlloc
lstrcpyA
lstrlenA
WideCharToMultiByte
ReleaseMutex
CreateMutexW
DecodePointer
FreeLibrary
VirtualProtect
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
IsProcessorFeaturePresent
LocalFree
LocalAlloc
SetLastError
MultiByteToWideChar
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileA
FindFirstFileExA
FindClose
SetStdHandle
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
MoveFileExW
ReadFile
GetACP
GetFileAttributesExW
RtlUnwind
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GetProcAddress
VerSetConditionMask
DeleteFileW
WritePrivateProfileSectionW
SetEndOfFile
WriteConsoleW
FlushFileBuffers
CreateFileW
SetEnvironmentVariableW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateEventW
GetTickCount
CloseHandle
WaitForSingleObject
SetEvent
CreateThread
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
LockResource
FindResourceW
SizeofResource
LoadResource

user32

GetFocus
BeginPaint
EndPaint
InvalidateRgn
GetWindowTextLengthW
FrameRect
InflateRect
IntersectRect
GetParent
EnumChildWindows
EnumThreadWindows
GetClassNameW
SystemParametersInfoW
TranslateMessage
GetMessageW
RegisterWindowMessageW
CallNextHookEx
SetForegroundWindow
BringWindowToTop
TrackPopupMenu
GetSubMenu
DestroyMenu
LoadMenuW
GetSystemMetrics
CallWindowProcW
GetWindowLongW
GetSysColor
DialogBoxParamW
CreateDialogParamW
DefWindowProcW
SetMenuDefaultItem
CheckMenuItem
IsClipboardFormatAvailable
GetClipboardOwner
LockWindowUpdate
GetWindowTextA
SetWindowTextA
SendMessageA
GetTabbedTextExtentW
RegisterRawInputDevices
GetRawInputData
IsDialogMessageW
LoadStringW
UnhookWindowsHookEx
SetWindowsHookExW
RegisterShellHookWindow
FindWindowW
GetMenuDefaultItem
RegisterClassExW
PostQuitMessage
ToAsciiEx
DispatchMessageW
SetFocus
DrawTextW
SetWindowPos
DestroyWindow
CreateWindowExW
DrawTextA
GetDC
ReleaseDC
DestroyIcon
LoadIconW
LoadCursorW
SetCursor
RedrawWindow
GetWindowDC
UpdateWindow
KillTimer
CreateIconIndirect
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
RegisterClipboardFormatW
SetWindowLongW
GetClipboardFormatNameW
EmptyClipboard
PostMessageW
GetKeyState
GetAsyncKeyState
GetKeyboardState
VkKeyScanW
SendInput
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetKeyboardLayoutNameW
GetKeyboardLayout
VkKeyScanExW
MapVirtualKeyExW
OpenDesktopW
SetThreadDesktop
CloseDesktop
GetThreadDesktop
OpenWindowStationW
SetTimer
ReleaseCapture
SetCapture
ShowWindow
DrawIconEx
PtInRect
FillRect
InvalidateRect
EndDialog
GetWindowRect
EnableWindow
MoveWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
GetGUIThreadInfo
LoadImageW
GetWindowThreadProcessId
EnumWindows
FindWindowExW
WindowFromPoint
ScreenToClient
GetCursorPos
MessageBeep
MessageBoxW
GetClientRect
GetWindowTextW
GetForegroundWindow
IsWindowUnicode
IsWindow
SendMessageW
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation

gdi32

GetTextExtentPoint32W
SetBkColor
TextOutW
BitBlt
CreateCompatibleBitmap
LineTo
Rectangle
SetBkMode
GetTextExtentPoint32A
PatBlt
ExtTextOutW
GetStockObject
CreatePen
CreateSolidBrush
DeleteDC
CreateDIBSection
MoveToEx
SetTextColor
CreateFontW
SelectObject
AddFontMemResourceEx
DeleteObject
GetDeviceCaps
CreateCompatibleDC

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipAddPathArcI
GdipClosePathFigure
GdipResetPath
GdipDeletePath
GdipCreatePath
GdiplusStartup
GdipFree
GdipAlloc
GdipDrawRectangleI
GdipDrawPath
GdipSetPenDashStyle
GdipStartPathFigure

uxtheme

SetWindowTheme
GetThemeInt
GetThemeColor
GetThemeBackgroundContentRect
DrawThemeBackground
CloseThemeData
OpenThemeData

comctl32

ord413
ord412
ord410
ImageList_GetIconSize
ImageList_Draw

Sections

.text
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66a0a60d30f6e33b7471114de29e7d94

Headers

File Characteristics

Imports

advapi32

comdlg32

psapi

shlwapi

kernel32

user32

gdi32

shell32

ole32

oleaut32

version

gdiplus

uxtheme

comctl32

Sections

.text Size: 383KB - Virtual size: 383KB

.rdata Size: 135KB - Virtual size: 135KB

.data Size: 25KB - Virtual size: 67KB

.gfids Size: 512B - Virtual size: 460B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 149KB - Virtual size: 148KB

.reloc Size: 27KB - Virtual size: 27KB

.text
Size: 383KB - Virtual size: 383KB

.rdata
Size: 135KB - Virtual size: 135KB

.data
Size: 25KB - Virtual size: 67KB

.gfids
Size: 512B - Virtual size: 460B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 149KB - Virtual size: 148KB

.reloc
Size: 27KB - Virtual size: 27KB