115ccba12be567a99342e1dd686eb3a828d6d33cf4ac3c0e7d3c21565c29b08eN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

115ccba12be567a99342e1dd686eb3a828d6d33cf4ac3c0e7d3c21565c29b08eN.exe
Size

51KB
MD5

e8d8bfbdb836314377b5b7fbd3c4f740
SHA1

bf6fbbcd9e59adb620a185c18712323579f2a938
SHA256

115ccba12be567a99342e1dd686eb3a828d6d33cf4ac3c0e7d3c21565c29b08e
SHA512

da83dc2bea46a95fc5713540ef7d4a76046a8c11bb95cc695612e1053dd2417fb00d344705aa40756e57a1f134c42f7fb165322d6ef56f91b2f1218c90d1e6a8
SSDEEP

768:JfrWSEzgqRrBoHxOrwal5RxKwKZOyN/4BxG+C2GqymmcqGncVyR9Jg:JfDEBBoHq7RxgV/twyzEcM9Jg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
115ccba12be567a99342e1dd686eb3a828d6d33cf4ac3c0e7d3c21565c29b08eN.exe

Files

115ccba12be567a99342e1dd686eb3a828d6d33cf4ac3c0e7d3c21565c29b08eN.exe
.exe windows:4 windows x86 arch:x86

0ee3a9e4ba17e1d6164b11f4d6b9a40c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

FreeConsole
GetCalendarInfoW
CompareStringA
CopyFileW
GetCalendarInfoW

user32

EnumDisplaySettingsExW
CheckDlgButton
DestroyMenu
GetAncestor
SetParent
GetCursorInfo
GetPropA
SetUserObjectInformationW
GetDC
AppendMenuW
SetWindowLongW
AppendMenuA
ChangeDisplaySettingsA
UnionRect
DrawTextExA
GetUpdateRect
CreateDialogIndirectParamW
GetWindowLongW
ExcludeUpdateRgn
CallMsgFilterA
GetDlgItem
CascadeWindows
GetSubMenu
GetClassWord
GetUserObjectSecurity
GetParent
DlgDirListW
PeekMessageA
CreateMDIWindowA
RemoveMenu
LoadKeyboardLayoutW
AttachThreadInput
SetWindowTextW
LoadKeyboardLayoutA
CharLowerBuffA
GetLastActivePopup

ws2_32

accept
WSAWaitForMultipleEvents
inet_ntoa
WSASetServiceW
WSAInstallServiceClassA
setsockopt
WSAEnumProtocolsW
WSAHtons
WSASendTo
WSAEnumProtocolsA
WSAEnumNameSpaceProvidersW
WSAEnumNameSpaceProvidersA
WSARecvDisconnect
getprotobyname
getprotobynumber
getservbyname
WSAGetServiceClassNameByClassIdA
gethostbyaddr
gethostbyname
WSAGetQOSByName
gethostname
WSAGetServiceClassInfoA
WSASocketW
WSAUnhookBlockingHook
getpeername
WSAHtonl
WSAEventSelect
WSAGetLastError
WSACancelBlockingCall

rtm

RtmUpdateAndUnlockRoute
RtmRegisterForChangeNotification
RtmCreateDestEnum
RtmGetNextHopInfo
RtmLockRoute
RtmCreateRouteList
RtmReleaseChangedDests
RtmGetChangedDests
RtmGetExactMatchDestination
RtmReleaseEntities
RtmGetEntityInfo
RtmReleaseNextHopInfo
RtmReleaseRoutes
RtmGetRouteInfo
RtmIgnoreChangedDests
RtmReleaseRouteInfo
RtmGetRoutePointer
RtmCreateNextHopEnum
RtmLockDestination
RtmGetEnumRoutes
RtmGetEntityMethods
RtmFindNextHop
RtmInvokeMethod
RtmDeleteEnumHandle
RtmIsBestRoute

secur32

EnumerateSecurityPackagesW
AcquireCredentialsHandleW
FreeCredentialsHandle
EnumerateSecurityPackagesA
RevertSecurityContext
ApplyControlToken
ImpersonateSecurityContext

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.8NzKTbM
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tXh
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ee3a9e4ba17e1d6164b11f4d6b9a40c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

rtm

secur32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

.8NzKTbM Size: 8KB - Virtual size: 7KB

.tXh Size: 512B - Virtual size: 158B

.d Size: 512B - Virtual size: 48B

.rsrc Size: 9KB - Virtual size: 12KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.8NzKTbM
Size: 8KB - Virtual size: 7KB

.tXh
Size: 512B - Virtual size: 158B

.d
Size: 512B - Virtual size: 48B

.rsrc
Size: 9KB - Virtual size: 12KB