af43ca62c4a9987d2e34614f5c918ca9aeb2c0a25c61b1b587e1a3d17c19b593N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

af43ca62c4a9987d2e34614f5c918ca9aeb2c0a25c61b1b587e1a3d17c19b593N.exe
Size

2.5MB
MD5

10668cd532f0e6e95e95e59b1f3461a0
SHA1

6bd12b35926c6aac1343b1573cbbab9b951f14e6
SHA256

af43ca62c4a9987d2e34614f5c918ca9aeb2c0a25c61b1b587e1a3d17c19b593
SHA512

fbdf59d18dd7a9a8b25d07727f258544b894cc8353346848d9486719792e839ec4d1b1820560a69742b3474f74aa5532fbe833c117f445bf04e2181bee9fe4a2
SSDEEP

49152:ZWGT8J8nXBXb7D1WkEFNPWRp0JeeI8ENn+4B5U:XT8J4/158WRr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af43ca62c4a9987d2e34614f5c918ca9aeb2c0a25c61b1b587e1a3d17c19b593N.exe

Files

af43ca62c4a9987d2e34614f5c918ca9aeb2c0a25c61b1b587e1a3d17c19b593N.exe
.dll regsvr32 windows:6 windows x86 arch:x86

a370c8ddf433ba028df9f5dd2c9ef46c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\src\V2_STEP20\MSF\MSF_Profile\PDS\Release\PDS.pdb

Imports

mfc140u

ord9209
ord10250
ord8219
ord8470
ord8386
ord12247
ord10433
ord12928
ord12865
ord8324
ord5357
ord2486
ord12542
ord5409
ord7712
ord1513
ord265
ord266
ord2399
ord2300
ord2184
ord2374
ord12541
ord14589
ord7922
ord14595
ord9398
ord4152
ord4090
ord12947
ord7941
ord2034
ord11983
ord11982
ord7723
ord14466
ord12531
ord8000
ord14667
ord6348
ord14669
ord6350
ord14668
ord6349
ord7722
ord3852
ord5918
ord12239
ord8217
ord12251
ord12219
ord258
ord261
ord4856
ord1511
ord13258
ord13964
ord8719
ord5921
ord285
ord3009
ord1533
ord1530
ord1046
ord310
ord300
ord316
ord2389
ord1450
ord13257
ord974
ord14657
ord12405
ord14604
ord12348
ord2439
ord4815
ord12921
ord8757
ord4664
ord12763
ord3846
ord2990
ord1525
ord1523
ord1045
ord286
ord280
ord296
ord5074
ord2458
ord6751
ord2378
ord2383
ord2385
ord5228
ord5411
ord5252
ord5763
ord5525
ord9350
ord5760
ord5549
ord5249
ord3849
ord324
ord1052
ord995
ord7997
ord4589
ord1472
ord7653
ord2198
ord1653
ord278
ord290
ord287
ord1522
ord1689
ord1692
ord12584
ord14364
ord8360
ord4828
ord5581
ord5588
ord5585
ord12586
ord13669
ord5114
ord6837
ord973
ord14678
ord12430
ord12429
ord1449
ord6332
ord5893
ord11972
ord11971
ord12367
ord14623
ord13053
ord1711
ord4806
ord2899
ord4312
ord8499
ord14461
ord503
ord1144
ord5583
ord5586
ord8177
ord2886
ord4715
ord4735
ord2246
ord2294
ord7860
ord4323
ord12884
ord8756
ord1663
ord2473
ord2457
ord277
ord1687
ord2996
ord4663
ord8712
ord14405
ord6956
ord13979
ord971
ord555
ord1659
ord1186
ord928
ord13963
ord13256
ord1412
ord293
ord6860
ord3236
ord1514
ord325
ord1053
ord2365
ord2408
ord2411
ord2376
ord2410
ord485
ord2268

kernel32

InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
MultiByteToWideChar
WideCharToMultiByte
EncodePointer
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
GetThreadLocale
SetThreadLocale
CreateDirectoryW
CreateFileA
DeleteFileW
GetFileSizeEx
RemoveDirectoryW
SetFileAttributesW
OutputDebugStringW
CloseHandle
CreateMutexW
OpenMutexW
GetLocalTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTempPathW
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessId
FlushFileBuffers
GetTickCount
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetFileSize
LockFileEx
LocalFree
CreateFileMappingA
UnlockFile
HeapCompact
LoadLibraryW
GetSystemInfo
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
GetFileAttributesW
CreateFileW
WaitForSingleObject
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
GetProcessHeap
DecodePointer
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
CopyFileW
FlushViewOfFile
LockFile
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
LocalAlloc
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TryEnterCriticalSection
InitializeCriticalSection
AreFileApisANSI
ReadFile
HeapCreate
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
HeapSize

user32

CharNextW

advapi32

RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW

shlwapi

PathFileExistsW

ole32

OleRun
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc

oleaut32

VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
GetErrorInfo
SysAllocString

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xruntime_error@std@@YAXPBD@Z
??0_Locinfo@std@@QAE@HPBD@Z
??1_Locinfo@std@@QAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??Bid@locale@std@@QAEIXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ

vcruntime140

__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__current_exception
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
memset
wcsstr
_purecall

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_endthreadex
_beginthreadex
_execute_onexit_table
_crt_atexit
_cexit
_resetstkoflw
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_errno
_initialize_onexit_table
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

_msize
realloc
malloc
_recalloc
calloc
free

api-ms-win-crt-string-l1-1-0

strncmp
wcscat_s
wcstok_s
wcsncpy_s
_wcsdup
wcscpy_s

api-ms-win-crt-stdio-l1-1-0

setvbuf
fwrite
_fseeki64
__stdio_common_vswprintf_s
fgetwc
fclose
__stdio_common_vswscanf
fputwc
ungetwc
__stdio_common_vsnwprintf_s
fsetpos
fread
fputc
fgetpos
fgetc
_get_stream_buffer_pointers
ungetc
fflush

api-ms-win-crt-convert-l1-1-0

_wtol
wcstoul
wcstombs_s
_wtoi
wcstol
wcstod
_wcstoi64

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_wsplitpath_s

api-ms-win-crt-locale-l1-1-0

_wsetlocale

api-ms-win-crt-time-l1-1-0

_mktime64
_localtime64_s

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 578KB - Virtual size: 577KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a370c8ddf433ba028df9f5dd2c9ef46c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140u

kernel32

user32

advapi32

shlwapi

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 578KB - Virtual size: 577KB

.data Size: 25KB - Virtual size: 52KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 187KB - Virtual size: 187KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 578KB - Virtual size: 577KB

.data
Size: 25KB - Virtual size: 52KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 187KB - Virtual size: 187KB

.rmnet
Size: 56KB - Virtual size: 60KB