1946b17684f64b798e304016f5b932c9c1fb87e9936891270da0cff37c23fe14N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1946b17684f64b798e304016f5b932c9c1fb87e9936891270da0cff37c23fe14N.exe
Size

894KB
MD5

5607cc3b26c24be9e3d86606766eee30
SHA1

851990f70494d5bae5269c1fb2697e2e3b126705
SHA256

1946b17684f64b798e304016f5b932c9c1fb87e9936891270da0cff37c23fe14
SHA512

c219833e8f4e94113c7854d988207d0649c683d208c12b115d3ee5aa9fe544ef0d1f9ec8966d8ed461a1a88eef2a0a6bc5a9aa459562fafaea9a628fe8a417cc
SSDEEP

12288:J9zo1yfwJLWb+nw7UodVcr49VG9aU7SY5bA9SfUq0rOp0Y4H2xk:PXb+nyUE9VG9au89Sf50rUL4H2S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1946b17684f64b798e304016f5b932c9c1fb87e9936891270da0cff37c23fe14N.exe

Files

1946b17684f64b798e304016f5b932c9c1fb87e9936891270da0cff37c23fe14N.exe
.exe windows:5 windows x86 arch:x86

46c8e463b6b83d2baee1a5acb0f292ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SHANKAR DATA\S H A N K A R P R O J E C T\Projects from SVN 124\NPAV4\npav4\Release\NPAV4.pdb

Imports

comctl32

ord17

shlwapi

PathRemoveFileSpecA
StrStrIA
SHGetValueA
PathFindFileNameA
StrStrIW
PathFileExistsA

psapi

GetProcessImageFileNameA
GetModuleFileNameExA

kernel32

CopyFileA
MoveFileExA
WinExec
CreateProcessW
OpenProcess
Thread32Next
SuspendThread
TerminateThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
ResumeThread
Process32Next
Process32First
ExitThread
CreateThread
WaitForSingleObject
ReadProcessMemory
VirtualQueryEx
QueryDosDeviceA
GetLogicalDriveStringsA
DeleteFileW
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
MultiByteToWideChar
HeapFree
HeapAlloc
GetProcessHeap
CreateProcessA
CreateMutexA
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameA
CreateFileA
GetVolumeInformationA
GetSystemDirectoryA
ProcessIdToSessionId
TerminateProcess
GetVersion
OpenMutexA
WideCharToMultiByte
IsWow64Process
GetNativeSystemInfo
Module32First
GetFileAttributesA
GetLongPathNameA
FormatMessageA
GetExitCodeThread
CreateDirectoryA
MoveFileA
GetModuleFileNameA
WriteFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WritePrivateProfileStringA
GetPrivateProfileStringA
DeleteFileA
LocalFree
GetVersionExA
GetLastError
DuplicateHandle
SetLastError
CloseHandle
LoadLibraryA
GetPrivateProfileIntA
GetLocalTime
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetTickCount
EnterCriticalSection
LeaveCriticalSection
Sleep
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentProcessId
InterlockedDecrement
InterlockedIncrement
WriteConsoleA
GetExitCodeProcess
GetLocaleInfoW
SetStdHandle
SetFilePointer
ReadFile
FlushFileBuffers
HeapDestroy
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
FatalAppExitA
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
FreeLibrary
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
lstrlenA
lstrlenW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
GetCPInfo
LCMapStringA
LCMapStringW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetCurrentThread
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetFileType
GetACP
GetOEMCP
SetConsoleCtrlHandler

user32

LoadBitmapA
EndDialog
SetWindowTextA
SendMessageA
SetTimer
GetDlgItem
DialogBoxParamA

gdi32

CreatePen
SetBkColor
SetTextColor
CreateFontA

advapi32

QueryServiceStatusEx
RegQueryValueExA
RegOpenKeyExA
OpenSCManagerA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoA
AllocateAndInitializeSid
SetEntriesInAclA
FreeSid
EnumDependentServicesA
OpenServiceA
ControlService
RegOpenKeyA
CloseServiceHandle
GetTokenInformation
LookupAccountSidA
GetUserNameA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

oleaut32

VariantClear
VariantChangeType
VariantInit
SysFreeString
SysAllocString
CreateErrorInfo
GetErrorInfo
SetErrorInfo

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

ws2_32

ntohs
ntohl

Sections

.text
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 494KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

46c8e463b6b83d2baee1a5acb0f292ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wtsapi32

ws2_32

Sections

.text Size: 346KB - Virtual size: 345KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 9KB - Virtual size: 44KB

.rsrc Size: 494KB - Virtual size: 498KB

.text
Size: 346KB - Virtual size: 345KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 9KB - Virtual size: 44KB

.rsrc
Size: 494KB - Virtual size: 498KB