188cb12cec34f38fa549630338e59ab229b740c4e57cf6d09c1a1e15b77c84caN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

188cb12cec34f38fa549630338e59ab229b740c4e57cf6d09c1a1e15b77c84caN.exe
Size

6.7MB
MD5

2532c213b6769eb6b61fc4601f944280
SHA1

5879ffcfac45b7fc55d530401a1c041a695a92c5
SHA256

188cb12cec34f38fa549630338e59ab229b740c4e57cf6d09c1a1e15b77c84ca
SHA512

4fd9f3891cb843ed5d87aae496168c46c22eed72aa0f5a0d8dbb500ce0fc6a7c6a743cb37b6355e74733e438a78cc630f62f068326ae2c1c922265413d988be5
SSDEEP

49152:B3QVGCKKVwbbZzOIniBJy0BK7JHCRrdfOzsOaR0IxEgkUA1/gRE3RhgJIC9weS6d:B3QwCKusN1qBkJajAZj64/gZ85XH9js

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
188cb12cec34f38fa549630338e59ab229b740c4e57cf6d09c1a1e15b77c84caN.exe

Files

188cb12cec34f38fa549630338e59ab229b740c4e57cf6d09c1a1e15b77c84caN.exe
.exe windows:4 windows x86 arch:x86

e39d31926c2a9a61bce453bce5997787

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
GetFullPathNameA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
FileTimeToLocalFileTime
FileTimeToSystemTime
IsBadCodePtr
IsBadReadPtr
SetConsoleCtrlHandler
RaiseException
FlushConsoleInputBuffer
lstrlenA
GetLocaleInfoA
VirtualProtect
SetStdHandle
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
GetCPInfo
CompareStringA
VirtualQuery
InterlockedExchange
GetStringTypeW
LCMapStringW
LCMapStringA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapSize
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
RtlUnwind
HeapReAlloc
ExitProcess
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
SetLastError
GetModuleHandleA
MoveFileExA
LocalAlloc
LocalLock
LocalUnlock
LocalFree
GetSystemInfo
GlobalMemoryStatus
GetWindowsDirectoryA
GetDriveTypeA
GetVolumeInformationA
GetTimeZoneInformation
GetSystemDefaultLangID
GetSystemDefaultLCID
GetComputerNameA
GetCurrentThreadId
GetTickCount
GetVersion
GetSystemDirectoryA
SetEndOfFile
FlushFileBuffers
WriteFile
UnlockFile
LockFile
ReadFile
SetFilePointer
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetVersionExA
FreeLibrary
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
SetErrorMode
LoadLibraryA
GetProcAddress
GetProfileStringA
InterlockedDecrement
CreateProcessA
RemoveDirectoryA
GetExitCodeProcess
OpenProcess
TerminateProcess
CreateEventA
ResetEvent
CreateFileMappingA
MapViewOfFile
WaitForSingleObject
GetCurrentProcess
DuplicateHandle
Beep
CreateFileA
GetFileSize
CloseHandle
GetDiskFreeSpaceA
FindFirstFileA
FindNextFileA
FindClose
GetLastError
SetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
SetUnhandledExceptionFilter
DeleteFileA
Sleep
CreateDirectoryA
GetStringTypeA

user32

PeekMessageA
GetQueueStatus
GetMessageA
DestroyWindow
GetClientRect
SetFocus
ShowWindow
CreateWindowExA
GetSystemMetrics
SystemParametersInfoA
RegisterClassA
LoadCursorA
LoadIconA
wsprintfA
ReleaseDC
DrawIcon
GetWindowDC
TranslateMessage
GetWindowLongA
SetWindowLongA
EndPaint
BeginPaint
DefWindowProcA
FillRect
SetRect
MessageBoxA
GetKeyboardState
GetDC
EnumDisplaySettingsA
ShowCaret
SetCaretPos
CreateCaret
HideCaret
EnumWindows
SendMessageA
InvalidateRect
DispatchMessageA
SetWindowPos
PtInRect
GetWindowThreadProcessId
PostMessageA
WaitForInputIdle
KillTimer
LoadImageA
SetTimer
FrameRect
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetKeyState
SetScrollPos
GetFocus
GetUpdateRect
PostQuitMessage
GetCursorPos
RegisterClassExA
SetScrollInfo
ShowScrollBar
UpdateWindow
GetDesktopWindow

winspool.drv

ClosePrinter
EndDocPrinter
StartDocPrinterA
WritePrinter
StartPagePrinter
EndPagePrinter
OpenPrinterA
DocumentPropertiesA
DeviceCapabilitiesA

gdi32

LineTo
PaintRgn
GetObjectA
CreateHalftonePalette
GetDIBColorTable
CreatePalette
SelectPalette
RealizePalette
PtInRegion
EndDoc
AbortDoc
StartDocA
GetEnhMetaFileBits
DeleteEnhMetaFile
EndPage
StartPage
Escape
SetTextCharacterExtra
PatBlt
MoveToEx
GetTextMetricsA
StretchBlt
SetStretchBltMode
GetTextExtentPointA
SetTextAlign
CreateBitmap
SetBkMode
GetRgnBox
SelectClipRgn
FrameRgn
BitBlt
CreateFontIndirectA
SetTextColor
CreatePen
SetBkColor
CreateSolidBrush
SelectObject
DeleteObject
GetStockObject
CreateCompatibleDC
GetDeviceCaps
DeleteDC
CreateRectRgn
SetRectRgn
CombineRgn
CreateEnhMetaFileA
CreateCompatibleBitmap
CreateDCA
PlayEnhMetaFile
SetEnhMetaFileBits
GetEnhMetaFileHeader
GetDIBits
SetTextJustification
TextOutA
CloseEnhMetaFile

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetQueryDataAvailable
HttpQueryInfoA
HttpEndRequestA
InternetAttemptConnect
InternetWriteFile
HttpSendRequestExA
InternetQueryOptionA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCreateUrlA
InternetSetOptionA
InternetCloseHandle
FtpOpenFileA
InternetSetFilePointer
InternetReadFile

wsock32

gethostbyname
ioctlsocket
ntohs
htonl
closesocket
connect
recv
send
WSAGetLastError
htons
shutdown
WSASetLastError
accept
WSAAsyncSelect
WSACleanup
WSAStartup
socket
inet_addr
gethostbyaddr
getsockname
ntohl

odbc32

ord75
ord41
ord11
ord36
ord18
ord16
ord14
ord15
ord13
ord4
ord27
ord24

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
CryptGenRandom
RegEnumValueA
RegEnumKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
CryptAcquireContextA

rpcrt4

UuidFromStringA

rasapi32

RasHangUpA

ole32

CoInitialize
CoCreateGuid
CoCreateInstance
CLSIDFromProgID
CoUninitialize

oleaut32

SysAllocString
VariantClear
GetErrorInfo
VariantInit
SysFreeString

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 88KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e39d31926c2a9a61bce453bce5997787

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

gdi32

wininet

wsock32

odbc32

advapi32

rpcrt4

rasapi32

ole32

oleaut32

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 192KB - Virtual size: 190KB

.data Size: 88KB - Virtual size: 1.0MB

.data1 Size: 8KB - Virtual size: 6KB

.rsrc Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 144KB - Virtual size: 141KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 192KB - Virtual size: 190KB

.data
Size: 88KB - Virtual size: 1.0MB

.data1
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 144KB - Virtual size: 141KB