850729319c047d894e79809ffef2272e25557b90960f7e61d889d1a6038808d4N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

850729319c047d894e79809ffef2272e25557b90960f7e61d889d1a6038808d4N.exe
Size

319KB
MD5

eae766de55736c8de51e7f072fa7b5f0
SHA1

324061505bfbab18b27ed7a2b910eb09aedfb165
SHA256

850729319c047d894e79809ffef2272e25557b90960f7e61d889d1a6038808d4
SHA512

6bdeba5a24fb1ca8bd90897282375e109ce5df6dae51a57b05e18b06a560195d47539e118b990bf73ee980164c23b438f243b9ab370f8be364dd3488873bade4
SSDEEP

6144:g10HUduhJclL9pWmIX0IKFNIbheln8DJ/YhKGdsZ6NPlf+BJeFllE7lpzkKrp:50d959pAXHKobwlQJ/e3d+cPlf+Bcll+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
850729319c047d894e79809ffef2272e25557b90960f7e61d889d1a6038808d4N.exe

Files

850729319c047d894e79809ffef2272e25557b90960f7e61d889d1a6038808d4N.exe
.exe windows:4 windows x86 arch:x86

02e750e36136fa81a7eb1d2434594ee6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

user32

CharPrevA
CharUpperA

kernel32

TlsAlloc
GetTempFileNameA
WideCharToMultiByte
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
SetStdHandle
CloseHandle
lstrcpynA
GetSystemInfo
HeapDestroy
SizeofResource
GetFileSize
SetLastError
HeapAlloc
SetHandleCount
HeapFree
GetProcessHeap
GetTempPathA
GetCommandLineA
VirtualFree
EnterCriticalSection
SetFilePointer
GetOEMCP
TlsSetValue
GetSystemTimeAsFileTime
HeapReAlloc
GetModuleHandleA
FindResourceA
GetCurrentThreadId
ReadFile
VirtualProtect
IsBadCodePtr
CreateFileA
DeleteCriticalSection
UnhandledExceptionFilter
lstrlenW
FormatMessageA
VirtualAlloc
GetStdHandle
LocalFree
GetShortPathNameA
LockResource
LeaveCriticalSection
LCMapStringW
RtlUnwind
FlushFileBuffers
TlsFree
HeapSize
GetFileType
CopyFileA
lstrlenA
LoadResource
WriteFile
TlsGetValue
CreateFileW
LCMapStringA
SetEndOfFile
GetACP
RaiseException
FreeLibrary
VirtualQuery
GetThreadLocale
DeleteFileA
IsDBCSLeadByteEx
FindResourceExA
FreeEnvironmentStringsW
GetStartupInfoW

oleaut32

VariantInit
VariantClear
SysAllocStringLen
BstrFromVector
SysFreeString
SafeArrayCopy
SafeArrayDestroy
SysStringLen
SafeArrayUnlock
SafeArrayGetUBound
LoadTypeLi
SafeArrayGetLBound
SafeArrayLock
SafeArrayGetVartype
SafeArrayRedim
SafeArrayCreate
LoadRegTypeLi
SysStringByteLen

urlmon

FindMimeFromData

advapi32

RegCloseKey
RegOpenKeyA

wininet

HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetSetOptionA
HttpEndRequestA
InternetSetStatusCallback
HttpSendRequestExA
HttpSendRequestExW
InternetSetOptionW
InternetWriteFile
InternetReadFileExA
InternetConnectA
HttpSendRequestA
InternetConnectW
HttpAddRequestHeadersA
InternetCrackUrlA
HttpOpenRequestA
HttpQueryInfoW
HttpSendRequestW
InternetOpenW
InternetOpenA

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
CoCreateGuid

cmutil

CmAtolA
CmLoadImageW
GetOSMajorVersion
ReleaseBold
CmEndOfStrW

kbdpl

KbdLayerDescriptor

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 297KB - Virtual size: 777KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02e750e36136fa81a7eb1d2434594ee6

Headers

File Characteristics

Imports

shlwapi

version

user32

kernel32

oleaut32

urlmon

advapi32

wininet

ole32

cmutil

kbdpl

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 297KB - Virtual size: 777KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 297KB - Virtual size: 777KB

.rsrc
Size: 512B - Virtual size: 4KB