0acd2bc16e85c03505f6e33236bf02be5773214ae2ebc201e4ade6f6b80fa895N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0acd2bc16e85c03505f6e33236bf02be5773214ae2ebc201e4ade6f6b80fa895N.exe
Size

133KB
MD5

91fceb0c23c4b6be39dde58df54c1bb0
SHA1

e39d4c5253b0077a968737cc278a470b96118c5b
SHA256

0acd2bc16e85c03505f6e33236bf02be5773214ae2ebc201e4ade6f6b80fa895
SHA512

b488f4f44ecc410e7178b21bae3a256f54e233e8a5e7a8fb51d73720cd279794527886c7d099030c9b5d376e4c831a1a53aceb4e3d7bea99eefee28e7ee21f12
SSDEEP

3072:n5LWQKRH3sdOyM8WLAIPsMJAcTFq0gW18znpH3PM:5LWQKRXsdOyM8WLAQdJAcS3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0acd2bc16e85c03505f6e33236bf02be5773214ae2ebc201e4ade6f6b80fa895N.exe

Files

0acd2bc16e85c03505f6e33236bf02be5773214ae2ebc201e4ade6f6b80fa895N.exe
.exe windows:4 windows x86 arch:x86

f5cef65c1fb76352722b1eecbea31104

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetModuleHandleA
GetStartupInfoA

shlwapi

SHDeleteValueA
SHRegQueryUSValueW
SHQueryValueExW
SHRegGetBoolUSValueA
PathRelativePathToA
PathIsFileSpecW
StrToIntExW
PathFindNextComponentA
SHSetValueW
PathUnquoteSpacesA
PathSetDlgItemPathA
StrFromTimeIntervalW
SHDeleteValueW
PathAddBackslashA
StrToIntW
ChrCmpIA
SHRegEnumUSKeyW
StrNCatW
PathRemoveExtensionA
StrCSpnA
PathRemoveBlanksA
PathGetCharTypeW
PathBuildRootA
PathIsUNCW
PathRenameExtensionW
SHRegQueryInfoUSKeyW
PathRemoveBackslashW
PathGetDriveNumberW
PathIsPrefixW
StrCatW
PathIsSystemFolderW
SHRegGetBoolUSValueW
PathIsRootW
SHRegWriteUSValueA
SHRegWriteUSValueW
PathIsUNCServerW
ChrCmpIW
PathIsContentTypeW
StrCmpIW
PathStripToRootA
PathCommonPrefixW
PathMatchSpecA
SHRegEnumUSKeyA
PathIsRelativeA
SHDeleteEmptyKeyA
PathUnquoteSpacesW
PathAddExtensionA
SHRegDeleteUSValueA

oleaut32

OleLoadPicturePath
SafeArrayGetUBound
VarAdd
LPSAFEARRAY_UserSize
VarDateFromBool
SafeArrayAllocData
VarR8FromR4
SysStringLen
VarUI4FromUI1
VarBoolFromDec
VarUI1FromDec
VarI4FromR4
VarI4FromUI1

rpcrt4

RpcSmEnableAllocate

imm32

ImmGetIMEFileNameW
ImmGetStatusWindowPos
ImmCreateContext
ImmDestroyContext
ImmGetIMEFileNameA

ole32

OleNoteObjectVisible

pdh

PdhParseInstanceNameA
PdhLookupPerfIndexByNameA
PdhEnumObjectItemsW

winspool.drv

GetPrinterDriverDirectoryW
AddPrinterConnectionW
DeletePrinterDataExA
StartDocPrinterA
AddPrinterDriverExW
OpenPrinterA
AddFormW
XcvDataW
AddPrinterDriverA
AddJobA
DeletePrintProcessorW
SetJobW
EnumPrinterDriversW
AddPrintProcessorW
DeletePrintProvidorA
GetPrinterDataW
GetPrinterDataExA
DeletePrinterConnectionA
AddPrinterDriverW
DeletePrinterDriverW
SetPortA
SetFormA
DeletePrinterDataW
SetPortW
EnumPrinterDataExA
DeletePrintProvidorW
EnumPrinterDataA
DeletePrinterConnectionW
FindClosePrinterChangeNotification
GetFormA
EndPagePrinter
EnumPortsW
EnumMonitorsA
AdvancedDocumentPropertiesA
SetPrinterW
SetPrinterDataExA
PrinterProperties

gdi32

CreatePatternBrush
FrameRgn
GetLogColorSpaceA

setupapi

SetupDiGetClassImageIndex

comctl32

ImageList_Copy
ImageList_Write
ImageList_SetIconSize
ImageList_Read
ImageList_GetImageInfo
ImageList_ReplaceIcon
ord6
ImageList_SetOverlayImage
CreatePropertySheetPageW

wininet

InternetOpenW
CommitUrlCacheEntryA
InternetCreateUrlA
FtpRenameFileW
FtpGetFileA
InternetGetCookieA
SetUrlCacheEntryInfoA
DeleteUrlCacheGroup
GopherOpenFileA
FtpOpenFileA
InternetTimeFromSystemTime
InternetQueryDataAvailable
SetUrlCacheEntryInfoW
HttpSendRequestW
GetUrlCacheEntryInfoExW

advapi32

RegisterServiceCtrlHandlerW
IsTextUnicode
GetSidLengthRequired
GetSecurityDescriptorControl
MakeSelfRelativeSD
DuplicateToken
GetServiceKeyNameA
LookupPrivilegeValueA
SetFileSecurityA
LsaQueryTrustedDomainInfoByName
AddAccessDeniedAce
GetExplicitEntriesFromAclW
LsaLookupNames
ImpersonateLoggedOnUser
QueryServiceConfigW
GetTrusteeNameW
DeregisterEventSource
CopySid
LsaStorePrivateData
BuildExplicitAccessWithNameA
OpenServiceA
SetAclInformation
CreateRestrictedToken
LogonUserW
RegEnumKeyExA
MakeAbsoluteSD
LsaQueryDomainInformationPolicy
RegUnLoadKeyA
RegDeleteValueW
RegisterEventSourceW
ClearEventLogA
SetSecurityDescriptorDacl
AdjustTokenPrivileges
GetTrusteeTypeA
RegCreateKeyW
RegConnectRegistryA
LookupPrivilegeValueW
ObjectPrivilegeAuditAlarmW
ImpersonateNamedPipeClient
SetKernelObjectSecurity
OpenEventLogA
GetSecurityInfo
LsaSetDomainInformationPolicy
SetTokenInformation
GetFileSecurityA
ObjectPrivilegeAuditAlarmA
GetSecurityDescriptorGroup

msvcrt

__p__commode
_controlfp
__set_app_type
__p__fmode
_except_handler3
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit

mpr

WNetConnectionDialog1A

shell32

DragAcceptFiles

imagehlp

GetImageConfigInformation
RemovePrivateCvSymbolicEx
RemoveRelocations
SymGetOptions
SymGetSymPrev
SymFunctionTableAccess
FindExecutableImage
StackWalk

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5cef65c1fb76352722b1eecbea31104

Headers

File Characteristics

Imports

kernel32

shlwapi

oleaut32

rpcrt4

imm32

ole32

pdh

winspool.drv

gdi32

setupapi

comctl32

wininet

advapi32

msvcrt

mpr

shell32

imagehlp

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 1KB - Virtual size: 1.6MB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 1KB - Virtual size: 1.6MB

.rsrc
Size: 1KB - Virtual size: 1KB