0349c0244f43c7e93faa94252aa021bdafaa23f107195ede3cd97053e51f48f4N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0349c0244f43c7e93faa94252aa021bdafaa23f107195ede3cd97053e51f48f4N.exe
Size

180KB
MD5

7dac3b76d7bc1099661ca50b6d07f900
SHA1

47b4e9d5cd2c1e6e7fb65a1383eb837a1fe4247d
SHA256

0349c0244f43c7e93faa94252aa021bdafaa23f107195ede3cd97053e51f48f4
SHA512

05fbc02e0c22f9d3bba2f82b2347850307a3e1887048df3eef68f7a4ca8c9dd16aa38c37a73e11b872e09190baffe4d11f72a961ea6ff3e5bdde979aeebc1c2b
SSDEEP

3072:9zrv9Kut6gd22OJ9xbNHdMPBjaysxzv9TWUbgv3oh:ZL9ht6g42MSJS1636

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0349c0244f43c7e93faa94252aa021bdafaa23f107195ede3cd97053e51f48f4N.exe

Files

0349c0244f43c7e93faa94252aa021bdafaa23f107195ede3cd97053e51f48f4N.exe
.exe windows:4 windows x86 arch:x86

c4089aa16f26204a0b6802d35ccb0bc9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RevertToSelf
LsaQueryTrustedDomainInfoByName

imm32

ImmConfigureIMEW
ImmGetCandidateListA
ImmSetCompositionStringW
ImmGetRegisterWordStyleW
ImmRegisterWordW
ImmSetCompositionStringA
ImmInstallIMEA
ImmGetOpenStatus
ImmSetCompositionFontA
ImmGetIMEFileNameW
ImmSetCandidateWindow
ImmIsUIMessageW
ImmEnumRegisterWordW
ImmUnregisterWordA
ImmInstallIMEW
ImmEscapeA
ImmGetGuideLineW
ImmEscapeW
ImmSetCompositionWindow
ImmGetDefaultIMEWnd
ImmGetVirtualKey
ImmGetCompositionWindow
ImmAssociateContext
ImmCreateContext
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmSetConversionStatus
ImmGetRegisterWordStyleA
ImmSetStatusWindowPos
ImmGetConversionListW
ImmGetDescriptionA
ImmReleaseContext
ImmIsUIMessageA
ImmGetConversionStatus
ImmGetStatusWindowPos
ImmUnregisterWordW
ImmGetDescriptionW
ImmGetIMEFileNameA
ImmSetCompositionFontW
ImmGetConversionListA
ImmGetGuideLineA
ImmConfigureIMEA
ImmGetCandidateListW
ImmSimulateHotKey
ImmEnumRegisterWordA
ImmGetCandidateListCountA
ImmNotifyIME
ImmGetContext
ImmGetCompositionFontW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_acmdln
exit
_XcptFilter
memcmp
_except_handler3
__getmainargs
_exit

wininet

FindNextUrlCacheEntryExA

user32

IsDialogMessageA
GetSystemMenu
ChangeMenuA
LoadMenuW
GetDlgItemTextW
GetMenuStringA
CheckDlgButton
GetKBCodePage
CharNextA
IsCharLowerW
GetProcessWindowStation
SendMessageCallbackA
SetMessageQueue
ChangeDisplaySettingsExW
ChangeMenuW

rpcrt4

I_RpcAsyncSetHandle

nddeapi

ord607
ord611
ord610
ord503
ord606
ord511
ord510
ord512
ord506
ord500
ord602
ord612
ord613
ord603
ord609

gdi32

SetTextJustification
PtInRegion
ColorMatchToTarget
CombineRgn
GetTextExtentPoint32W
CloseEnhMetaFile
DrawEscape
GetPath
GetDCOrgEx
GetNearestPaletteIndex
FillRgn
DPtoLP
EnumFontFamiliesA
CreateRectRgn
SetBrushOrgEx
GetObjectA
ExtCreateRegion
CopyMetaFileA
GetFontLanguageInfo

ole32

OleIsCurrentClipboard
OleDuplicateData
CoGetStandardMarshal
OleGetIconOfClass
CreateItemMoniker
CoTaskMemFree
CoGetInterfaceAndReleaseStream
RegisterDragDrop
CoDosDateTimeToFileTime
StgGetIFillLockBytesOnFile
CoReleaseServerProcess
FmtIdToPropStgName
CoRegisterMallocSpy
CoMarshalInterface
OleSetMenuDescriptor
CoGetMalloc
CoCreateFreeThreadedMarshaler
HMENU_UserSize
HGLOBAL_UserUnmarshal
FreePropVariantArray
CoFreeAllLibraries
BindMoniker
CoReleaseMarshalData
CoFileTimeToDosDateTime
HGLOBAL_UserFree
HGLOBAL_UserMarshal
CoRevokeMallocSpy
ReleaseStgMedium
CreateAntiMoniker
CoGetMarshalSizeMax

shell32

SHGetPathFromIDListA
ShellExecuteW
SHInvokePrinterCommandA
SHGetDesktopFolder
ShellExecuteExW
SHGetFileInfoA
SHBrowseForFolderA
FindExecutableA
ShellAboutA
SHGetMalloc

oleaut32

SafeArrayGetVartype
VarI2FromBool
VarRound
SysStringLen
BstrFromVector
VarDecFromUI1
LoadTypeLibEx
VarR4FromStr
VarXor
VarUI1FromR8
VarR4FromR8
VarR4FromI2

comctl32

ImageList_GetImageCount

kernel32

GetStartupInfoA
GetModuleHandleA

oleacc

ObjectFromLresult
AccessibleObjectFromPoint
WindowFromAccessibleObject
GetRoleTextW
AccessibleObjectFromWindow
GetStateTextA
GetRoleTextA

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 645KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4089aa16f26204a0b6802d35ccb0bc9

Headers

File Characteristics

Imports

advapi32

imm32

msvcrt

wininet

user32

rpcrt4

nddeapi

gdi32

ole32

shell32

oleaut32

comctl32

kernel32

oleacc

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 8KB - Virtual size: 645KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 645KB

.rsrc
Size: 20KB - Virtual size: 16KB