055b86babbad97d1748ff47d1aca7cffb6f388f000d683762a656bd235575bcdN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

055b86babbad97d1748ff47d1aca7cffb6f388f000d683762a656bd235575bcdN.exe
Size

629KB
MD5

2d7908d0a16749d3ee2b5cd5cf5cf0b0
SHA1

40d0161531df12c9a6e03c7b4ac828c9117f7b65
SHA256

055b86babbad97d1748ff47d1aca7cffb6f388f000d683762a656bd235575bcd
SHA512

beff7732e68a0044b92c6b93ce87bf0aa48548f96d08ed278cea47084fb880c27019b72f028a6e85482af5d5b8cfe93734de46e605dceb3ea4666c0e0446b51b
SSDEEP

6144:w7Y5jhOQVGpSFgwaqILYv7ervb9PvFThuKXEPCNQXEMLbtv0207H+OvWU:wEpMQVmFwaX6e9XDX1NMDftHDOuU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
055b86babbad97d1748ff47d1aca7cffb6f388f000d683762a656bd235575bcdN.exe

Files

055b86babbad97d1748ff47d1aca7cffb6f388f000d683762a656bd235575bcdN.exe
.exe windows:5 windows x86 arch:x86

e8e0d439338c6268b1c3fbe48081b4ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\7.Works\RAONK\RAONK.SVC\bin\raonk.svc.pdb

Imports

kernel32

CreateFileW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
CopyFileW
FindResourceExW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
WriteConsoleW
SetStdHandle
FlushFileBuffers
CreateProcessA
GetExitCodeProcess
TerminateProcess
OpenProcess
CreateProcessW
GetShortPathNameW
GetCurrentProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
Sleep
WideCharToMultiByte
MultiByteToWideChar
SetEvent
TerminateThread
GetExitCodeThread
CloseHandle
WaitForSingleObject
CreateThread
CreateEventW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
VerifyVersionInfoW
FindResourceW
VerSetConditionMask
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
CompareStringW
GetStringTypeW
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
GetFileType
GetStdHandle
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetFileAttributesExW
GetCommandLineW
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
SetEnvironmentVariableA

user32

wsprintfW
FindWindowW
GetWindowThreadProcessId

advapi32

RegCloseKey
RegSetValueExW
RegCreateKeyExW
ControlService
StartServiceW
QueryServiceStatus
CreateProcessAsUserW
DuplicateTokenEx
RevertToSelf
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DeregisterEventSource
ReportEventW
RegisterEventSourceW
DeleteService
OpenServiceW
CloseServiceHandle
UnlockServiceDatabase
ChangeServiceConfig2W
LockServiceDatabase
CreateServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
GetTokenInformation

ole32

OleUninitialize
OleInitialize

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

wininet

InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
InternetOpenW
InternetConnectW
InternetCloseHandle
HttpQueryInfoW
HttpAddRequestHeadersA

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 404KB - Virtual size: 996KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8e0d439338c6268b1c3fbe48081b4ca

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

userenv

version

wtsapi32

wininet

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 404KB - Virtual size: 996KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 404KB - Virtual size: 996KB