de86720847aabd14fc4e0cf7b1c0cb9704e476a1f368d5972c61f0947a6f9b8cN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

de86720847aabd14fc4e0cf7b1c0cb9704e476a1f368d5972c61f0947a6f9b8cN.exe
Size

246KB
MD5

9f24a7749d3db6b192593fe7a90cd2d0
SHA1

675bc21ff28e35ce1b05beabc5da09d581d34896
SHA256

de86720847aabd14fc4e0cf7b1c0cb9704e476a1f368d5972c61f0947a6f9b8c
SHA512

4f590004b4edf9163e12f1ccfe23e17c318003e7b18bb08981d500b076ada3297e4ebe168db07d0d38fc085d855af320aff109139c28f8583cba026613734512
SSDEEP

6144:7d/ubozZ25TFhA1MpiGBV+UdvrEFp7hKt+:7dWAWT+SBjvrEH7w+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de86720847aabd14fc4e0cf7b1c0cb9704e476a1f368d5972c61f0947a6f9b8cN.exe

Files

de86720847aabd14fc4e0cf7b1c0cb9704e476a1f368d5972c61f0947a6f9b8cN.exe
.exe windows:4 windows x86 arch:x86

735c1e1fdea7fe0322b8fa22179c488b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\working\installer\coinstaller\modified\updcoinst\release\coinst.pdb

Imports

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInterfaceRegKey
SetupDiEnumDeviceInterfaces

winspool.drv

GetPrinterDataExW
ord204
ClosePrinter
GetPrinterW
SetPrinterW
DeletePrinter
EnumPrintersW
OpenPrinterW

kernel32

WriteConsoleA
SetStdHandle
GetLocaleInfoA
CloseHandle
GetModuleFileNameW
GetTempPathW
CreateFileW
FormatMessageW
LocalFree
SetEndOfFile
WideCharToMultiByte
GetTimeFormatW
GetSystemTime
GetConsoleOutputCP
ReleaseMutex
GetLastError
GlobalAlloc
GlobalFree
GetCurrentProcess
LoadLibraryW
GetProcAddress
FreeLibrary
CreateMutexW
DeviceIoControl
GetOverlappedResult
Sleep
MultiByteToWideChar
GetVersionExW
WriteConsoleW
CreateFileA
FlushFileBuffers
WriteFile
FreeEnvironmentStringsW
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
HeapSize
RaiseException
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

RegQueryValueExW
IsTextUnicode
ImpersonateLoggedOnUser
GetTokenInformation
OpenProcessToken
RevertToSelf
RegCloseKey

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

735c1e1fdea7fe0322b8fa22179c488b

Headers

File Characteristics

PDB Paths

Imports

setupapi

winspool.drv

kernel32

advapi32

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 52KB - Virtual size: 48KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 52KB - Virtual size: 48KB