3aa3ee4e65a05b7fbc0141f0d509328090bc8080449183b4ee48d79ee3e6fa3fN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3aa3ee4e65a05b7fbc0141f0d509328090bc8080449183b4ee48d79ee3e6fa3fN.exe
Size

371KB
MD5

76b0182e3dc2f368facd1446a78d2ae0
SHA1

6e6f6df8ef1a845e335995fbfa48dab3526cea29
SHA256

3aa3ee4e65a05b7fbc0141f0d509328090bc8080449183b4ee48d79ee3e6fa3f
SHA512

e301da3a0a9d211c239675c78f727ccc73e633fcd223b3cd26ba486f1fd3ffb8e2acb021b6596460a4660c2eac647f213212b989d33687cb45fcdfef2648d03a
SSDEEP

6144:QtttRvGxiRcePUSrcTQ+Yd6v6AlYhZ+ddp5GuZEE86Yrp0eWIxQO6kUUecBlzJbu:EttRveivPrcqd26A+hcdp5GYEE8D3WIe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3aa3ee4e65a05b7fbc0141f0d509328090bc8080449183b4ee48d79ee3e6fa3fN.exe

Files

3aa3ee4e65a05b7fbc0141f0d509328090bc8080449183b4ee48d79ee3e6fa3fN.exe
.exe windows:4 windows x86 arch:x86

c1ad235b906224cafddb81e25f93084c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
InitiateSystemShutdownA
SetServiceObjectSecurity
RegisterEventSourceA
RegCreateKeyW
RegRestoreKeyW
RegisterServiceCtrlHandlerW
CreateProcessAsUserW
EnumServicesStatusA
CreateServiceW
ReportEventW
RegCreateKeyA
RegSetValueA
ControlService
RegQueryValueA
RegCreateKeyExW
GetServiceDisplayNameW
QueryServiceLockStatusW
RegSetValueExA
LsaOpenPolicy
RegQueryValueW
GetUserNameA
RegCloseKey
OpenServiceA
DeleteService
QueryServiceStatus
RegOverridePredefKey
StartServiceCtrlDispatcherW
RegEnumKeyExA
ChangeServiceConfigA
LogonUserA
RegSetValueExW
RegUnLoadKeyW
RegConnectRegistryA
RegDeleteKeyA
ChangeServiceConfig2A
LsaFreeMemory
RegQueryInfoKeyA
QueryServiceConfigW
CloseServiceHandle
LsaQueryInformationPolicy
StartServiceCtrlDispatcherA
OpenSCManagerA
RegQueryInfoKeyW
DecryptFileW
GetUserNameW
OpenSCManagerW
ChangeServiceConfig2W
CreateProcessAsUserA
GetTrusteeTypeA
BuildExplicitAccessWithNameA
BuildImpersonateTrusteeA
NotifyBootConfigStatus

user32

SendMessageA
DdeConnectList
CreateIconFromResourceEx
CreateIconFromResource

msvcrt

_mbscpy
_except_handler3
__set_app_type
__p__fmode
_mbctype
__dllonexit
_onexit
fseek
_wgetenv
ldiv
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp

gdi32

GetPixel
EnumFontFamiliesA
CreateCompatibleDC
OffsetViewportOrgEx
CopyEnhMetaFileA
GetTextExtentPointA
FillRgn
GetMapMode
DeleteEnhMetaFile
GdiFlush
SetColorAdjustment
CombineRgn
DeleteObject
CreatePen
ExtEscape
SetROP2
SetBkMode
StrokePath
GetBrushOrgEx
CopyEnhMetaFileW
EnumFontFamiliesExW
SetBitmapBits
ExtSelectClipRgn
ExtTextOutA
AbortDoc
GetWindowOrgEx
SetViewportExtEx
GetFontData
CreateCompatibleBitmap
PatBlt
StretchBlt
GetGlyphOutlineA
ExtCreatePen
GetBitmapBits
GetWinMetaFileBits
StartDocA
EndDoc
DeleteDC
SetBkColor
GetStockObject
CancelDC
ExtCreateRegion
PlayEnhMetaFileRecord
GetDIBColorTable
Pie
SetPixelV

mpr

WNetDisconnectDialog
WNetCancelConnection2A
MultinetGetConnectionPerformanceA
WNetCancelConnectionA
WNetGetProviderNameA

mfc42

ord3738
ord4424
ord1013
ord4080
ord3079
ord3825
ord561
ord3830
ord1031
ord2976
ord3081
ord2985
ord3262
ord1044
ord4465
ord3259
ord1576
ord3831
ord3922
ord1045
ord2982
ord1072
ord5714
ord1016
ord5307
ord815
ord6375
ord4486
ord1058
ord1071
ord5731
ord1168
ord1089
ord1088
ord2396
ord1057
ord1076
ord5302
ord2725
ord1009
ord1086

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1ad235b906224cafddb81e25f93084c

Headers

File Characteristics

Imports

advapi32

user32

msvcrt

gdi32

mpr

mfc42

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 40KB - Virtual size: 36KB

.rdata Size: 48KB - Virtual size: 1.2MB

.reloc Size: 72KB - Virtual size: 71KB

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 40KB - Virtual size: 36KB

.rdata
Size: 48KB - Virtual size: 1.2MB

.reloc
Size: 72KB - Virtual size: 71KB