1ce8fa257f64a9c37c7d3b157825fefa1aa728d3e85b1b96b33ae70934beb5baN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1ce8fa257f64a9c37c7d3b157825fefa1aa728d3e85b1b96b33ae70934beb5baN.exe
Size

256KB
MD5

5d5d57c5343538de139616f0bdcb8800
SHA1

3bdef32136fa6edb225e1cabc63330a4609068c7
SHA256

1ce8fa257f64a9c37c7d3b157825fefa1aa728d3e85b1b96b33ae70934beb5ba
SHA512

6323dfa086be8df3b354911b4f99d079c8e1f2dec6a067c4bd8f399539d2c015ea5c318bd831eb03ccf09de6326f9b92f079a63ace5acb651cf5ab7fad28f5d0
SSDEEP

6144:+pSkwLJrufeODAS72qOisSZRmICxHK6kNdvllcC:HkWJrufop6lCHkN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ce8fa257f64a9c37c7d3b157825fefa1aa728d3e85b1b96b33ae70934beb5baN.exe

Files

1ce8fa257f64a9c37c7d3b157825fefa1aa728d3e85b1b96b33ae70934beb5baN.exe
.exe windows:4 windows x86 arch:x86

020ad0bc1d8aa3e902a81fa07ae43381

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CLSIDFromString

crypt32

CryptMsgOpenToDecode
CertAddCertificateContextToStore
CryptMsgClose
CertNameToStrA
CertCreateCertificateContext
CryptMemRealloc
CertCloseStore
CertVerifyValidityNesting
CertFreeCertificateContext
CertCompareCertificate
CryptMemFree
CryptMsgGetParam
CertDuplicateCertificateContext
CryptMemAlloc
CryptDecodeObjectEx
CryptMsgControl
CertGetIssuerCertificateFromStore
CertOpenStore
CertFindExtension
CertCompareIntegerBlob
CryptMsgUpdate
CertGetIntendedKeyUsage
CertFreeCertificateChain

kernel32

lstrlenW
GetWindowsDirectoryA
RemoveDirectoryA
HeapSize
MoveFileW
LoadResource
FreeLibrary
GetFileSize
LocalFree
GetSystemTimeAsFileTime
FileTimeToSystemTime
ReadFile
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
FindResourceA
CompareFileTime
LeaveCriticalSection
DeleteCriticalSection
CreateFileW
OpenEventA
LocalAlloc
DeleteFileA
CloseHandle
PulseEvent
HeapDestroy
GetFileAttributesExA
lstrlenA
MoveFileExA
HeapFree
LoadLibraryExA
RaiseException
FindFirstFileA
CreateHardLinkA
WriteFile
DeviceIoControl
SetFilePointer
FindResourceExA
HeapReAlloc
EnterCriticalSection
WideCharToMultiByte
SetEndOfFile
SetFileAttributesW
GetCurrentThreadId
CreateEventA
CopyFileW
FindNextFileA
DeleteFileW
IsDebuggerPresent
CreateDirectoryA
CreateFileA
UnhandledExceptionFilter
DuplicateHandle
FindClose
HeapAlloc
LockResource
CopyFileExA
SetFileAttributesA
SizeofResource
WaitForSingleObject
OpenProcess
GetProcessHeap
GetModuleHandleA
VirtualAllocEx

shell32

SHGetSpecialFolderPathA

user32

CharNextA
wsprintfA
CharPrevA

shlwapi

PathFileExistsW
PathAppendA

advapi32

RegQueryValueExA
RegDeleteValueA
CryptAcquireContextA
TraceEvent
GetTraceLoggerHandle
RegCreateKeyExA
RegEnumValueA
CryptCreateHash
RegSetValueExA
GetTraceEnableFlags
CryptReleaseContext
CryptDestroyHash
RegOpenKeyExA
GetTraceEnableLevel
RegisterTraceGuidsA
CryptHashData
RegDeleteKeyA
CryptGetHashParam
RegCloseKey
UnregisterTraceGuids

certcli

CAOIDCreateNew
CAGetCAFlags
CAFindByName
CAGetCertTypeFlags
CAUpdateCA
CADeleteCA
CACreateNewCA
DllGetClassObject
CAEnumCertTypesForCA
CAAccessCheck

kbdhu

KbdLayerDescriptor

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zVPJ
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iNOYI
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QNimp
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BBZWp
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LcOnp
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aelHe
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WlnYWfY
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ssqsSfY
Size: 512B - Virtual size: 303B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

020ad0bc1d8aa3e902a81fa07ae43381

Headers

DLL Characteristics

File Characteristics

Imports

ole32

crypt32

kernel32

shell32

user32

shlwapi

advapi32

certcli

kbdhu

Sections

.text Size: 222KB - Virtual size: 221KB

.zVPJ Size: 2KB - Virtual size: 1KB

.iNOYI Size: 3KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 22KB

.QNimp Size: 3KB - Virtual size: 2KB

.BBZWp Size: 3KB - Virtual size: 3KB

.LcOnp Size: 3KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 145KB

.rsrc Size: 2KB - Virtual size: 2KB

.aelHe Size: 512B - Virtual size: 283B

.WlnYWfY Size: 2KB - Virtual size: 1KB

.ssqsSfY Size: 512B - Virtual size: 303B

.text
Size: 222KB - Virtual size: 221KB

.zVPJ
Size: 2KB - Virtual size: 1KB

.iNOYI
Size: 3KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 22KB

.QNimp
Size: 3KB - Virtual size: 2KB

.BBZWp
Size: 3KB - Virtual size: 3KB

.LcOnp
Size: 3KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 145KB

.rsrc
Size: 2KB - Virtual size: 2KB

.aelHe
Size: 512B - Virtual size: 283B

.WlnYWfY
Size: 2KB - Virtual size: 1KB

.ssqsSfY
Size: 512B - Virtual size: 303B