73a43d6486e0cf221353e0e7186a1a0c6b8ff4168d51540a2eb0ea4f7c6c4a23N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

73a43d6486e0cf221353e0e7186a1a0c6b8ff4168d51540a2eb0ea4f7c6c4a23N.exe
Size

244KB
MD5

e498d06a07de6b39a8c0a0615ee59ac0
SHA1

649712cde9d1971019b626b065ceba860b8cec8b
SHA256

73a43d6486e0cf221353e0e7186a1a0c6b8ff4168d51540a2eb0ea4f7c6c4a23
SHA512

afd393d447df47fc0761e1f5e6de2f278886e1775b91f79400c5979d71a6ebddd03b8ee9afa7de2031d0d833baa03b29a2805321beca6e420109f6050e11e37b
SSDEEP

6144:3xsBCdxkQkkdY86fiCOZj3qj+BV+UdvrEFp7hKmd:Hojx857K+BjvrEH7V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73a43d6486e0cf221353e0e7186a1a0c6b8ff4168d51540a2eb0ea4f7c6c4a23N.exe

Files

73a43d6486e0cf221353e0e7186a1a0c6b8ff4168d51540a2eb0ea4f7c6c4a23N.exe
.dll windows:5 windows x86 arch:x86

e640203e5364b72b15c04e99335da11c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\GitProjectsEx\hdt_sue_windows\hdt_css_common\windows\code\css_core2\css_core\Release\css_core.pdb

Imports

kernel32

GetFileAttributesA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
SetEvent
GetCurrentThreadId
ResetEvent
WaitForSingleObject
TerminateThread
CloseHandle
DeviceIoControl
CreateFileA
CreateEventA
CancelIo
GetVersionExA
GetOverlappedResult
Sleep
GetTickCount
ReadFile
WriteFile
PurgeComm
ClearCommError
GetCommState
SetCommState
WideCharToMultiByte
LocalAlloc
LocalFree
SetLastError
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
SetCommTimeouts
GetModuleFileNameW

user32

SendMessageA
SetTimer
PostMessageA
RegisterDeviceNotificationA
EnableWindow
DispatchMessageA
TranslateMessage
GetMessageA
KillTimer
RegisterWindowMessageA

shell32

SHGetSpecialFolderPathA

cfgmgr32

CM_Get_DevNode_Registry_PropertyA
CM_Get_Device_IDA
CM_Get_Parent
CM_Locate_DevNodeA
CM_Get_Sibling

winmm

timeGetTime

iphlpapi

GetAdaptersInfo

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

mfc100

ord7832
ord4143
ord11627
ord2617
ord4464
ord6836
ord3484
ord895
ord1292
ord2025
ord2944
ord6117
ord8304
ord9286
ord7357
ord4772
ord6888
ord6898
ord6897
ord4606
ord4774
ord4625
ord5123
ord4881
ord8439
ord2818
ord4903
ord4622
ord11103
ord2846
ord2945
ord11060
ord2338
ord5253
ord12482
ord10672
ord6128
ord13300
ord7074
ord13302
ord2661
ord3984
ord13980
ord3991
ord4401
ord4368
ord4364
ord4398
ord4419
ord4377
ord4406
ord4415
ord4385
ord4389
ord4393
ord4381
ord4410
ord4373
ord1514
ord1507
ord1509
ord1503
ord1496
ord11188
ord2063
ord12644
ord2847
ord7875
ord9994
ord6217
ord11154
ord8070
ord13294
ord10883
ord3395
ord11025
ord8235
ord13973
ord13972
ord14045
ord14062
ord14058
ord14060
ord14061
ord14059
ord2417
ord7349
ord2878
ord2881
ord12535
ord5534
ord421
ord4296
ord1483
ord13137
ord415
ord976
ord1854
ord11781
ord7837
ord314
ord1315
ord12720
ord12095
ord265
ord11274
ord2056
ord13310
ord259
ord11297
ord262
ord13329
ord2061
ord4317
ord266
ord310
ord1294
ord11744
ord7487
ord300
ord306
ord1313
ord901
ord316
ord1296
ord2067
ord1269
ord871
ord13167
ord3404
ord7876
ord2626
ord11461
ord305
ord5242
ord1267
ord869
ord4283
ord11439
ord1316
ord3839
ord4498
ord13518
ord322
ord2087
ord1288
ord888
ord5788
ord8351
ord851
ord4144
ord1479
ord2538
ord11318
ord10915
ord1266
ord868
ord4188
ord979
ord423
ord311
ord2611
ord11190
ord906
ord2090
ord2052
ord2050
ord2079
ord1979
ord2040
ord3406
ord408
ord1948
ord2089
ord1940
ord1867
ord1929
ord323
ord1297
ord6010
ord5095

msvcr100

memset
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__CxxFrameHandler3
strtol
_localtime64_s
strftime
_time64
rand
sscanf
memmove_s
memcpy_s
strncpy
ldiv
atoi
_purecall
memcpy

ws2_32

htons
bind
setsockopt
socket
ntohl
inet_ntoa
inet_addr
connect
send
recv
WSAGetLastError
select
WSACleanup
WSAStartup
htonl
closesocket
ntohs

Exports

Exports

??4Ccss_core@@QAEAAV0@ABV0@@Z
MOTCSS_OnCall

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e640203e5364b72b15c04e99335da11c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

cfgmgr32

winmm

iphlpapi

setupapi

mfc100

msvcr100

ws2_32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 816B

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 816B

.reloc
Size: 18KB - Virtual size: 17KB