NoliMeTangere[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NoliMeTangere.exe
Size

3.5MB
MD5

396398228d730d66de7d4d9fceee5966
SHA1

5fad8c7aa286cf4d3da7d2b9d9fb2227288caeac
SHA256

714cd825be3ab825d2a82da3ab68542ec9c75ea57d30c3859cac7daa7ed1e32c
SHA512

20c6d37323d958fbc770f78c93705b598a79c50fec622b2e37c14021df6546ba506f1f5e875a57a5fdc7f5ccf4f05699f5435447eaa6e1d37f9c9586afd0de82
SSDEEP

49152:sr6ASzxURFp2YZiYaTNhYikKJqdhcFSgHT4QbHoeS3e5pTvMvsTT0lRTFf/32XjG:SSzmOYaTNhYikKJqduF1zl8RTNGprQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NoliMeTangere.exe

Files

NoliMeTangere.exe
.exe windows:4 windows x86 arch:x86

d5e4f7f5c32dbfff9f02df33516a7d83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\flashfarm\depot\main\player\branches\FlashPlayer\FlashPlayer9_DotReleases\platform\win32\standalone\Release\FlashPlayer.pdb

Imports

wininet

HttpQueryInfoA

crypt32

CertFreeCertificateContext
CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertCreateCertificateContext
CryptGetMessageCertificates
CryptVerifyMessageSignature
CertCloseStore

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

timeSetEvent
timeKillEvent
waveOutOpen
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveOutGetPosition
timeEndPeriod
waveOutPrepareHeader
waveOutGetDevCapsA
waveInGetDevCapsA
waveOutGetNumDevs
waveInGetNumDevs
waveInStart
waveInAddBuffer
waveInStop
waveInClose
waveInUnprepareHeader
waveInReset
waveInPrepareHeader
waveInOpen
timeBeginPeriod
timeGetDevCaps
timeGetTime
waveOutWrite

oleaut32

SysFreeString

kernel32

CreateThread
GetSystemDefaultLangID
MoveFileA
DeleteFileA
GetFileAttributesA
VirtualQuery
GetSystemInfo
GetUserDefaultLangID
ExitThread
GlobalFree
GetFileAttributesW
WriteFile
SetFilePointer
CreateFileA
LockResource
LoadResource
FindResourceExA
FindResourceExW
GlobalAlloc
SetUnhandledExceptionFilter
GetTempPathA
GetCurrentProcess
GetCurrentProcessId
FindClose
FindNextFileA
FindFirstFileA
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
WideCharToMultiByte
CreateDirectoryA
ReadFile
GetFileSize
GetModuleFileNameA
CreateMutexA
SetWaitableTimer
GetCurrentDirectoryA
SetCurrentDirectoryA
RemoveDirectoryA
GetTempFileNameA
GetFullPathNameA
GetSystemDirectoryA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingA
TerminateThread
lstrcpyA
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalLock
IsDBCSLeadByteEx
DeleteFileW
SetEndOfFile
SetFileAttributesA
CopyFileA
GetCommandLineW
GetModuleHandleA
ExitProcess
GetStartupInfoA
GetCommandLineA
GetProcessTimes
CreateEventA
SetEvent
ResetEvent
WaitForMultipleObjects
ReleaseSemaphore
VirtualFree
CreateSemaphoreA
VirtualAlloc
GetThreadPriority
WaitForSingleObject
CreateWaitableTimerA
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GetLastError
FreeLibrary
GetVersionExA
CreateProcessA
CloseHandle
LCMapStringW
LCMapStringA
GetTickCount
GetCurrentThreadId
GetLocaleInfoA
HeapAlloc
GetProcessHeap
HeapFree
SetErrorMode
LoadLibraryA
GetProcAddress
GetCurrentThread
SetThreadAffinityMask
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualProtect
HeapDestroy
HeapCreate
HeapReAlloc
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TerminateProcess
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetSystemTimeAsFileTime
RtlUnwind
GetStringTypeA
GetStringTypeW
GetOEMCP
SetStdHandle
FlushFileBuffers
GetFileAttributesExA

user32

LoadStringW
MoveWindow
SetMenu
UpdateWindow
ShowWindow
EnumDisplaySettingsA
SetDlgItemTextA
SetDlgItemTextW
EnableWindow
GetDlgItemTextA
GetWindowTextLengthA
GetDlgItemTextW
GetWindowTextLengthW
PostQuitMessage
GetMenuStringA
GetMenuStringW
RegisterClassA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
PostThreadMessageA
GetQueueStatus
PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
GetWindowTextA
UnregisterClassA
GetWindow
RemoveMenu
InsertMenuW
InsertMenuA
EmptyClipboard
SetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
RegisterClipboardFormatA
GetWindowLongA
DefWindowProcA
IsWindow
CreateWindowExA
ReleaseCapture
GetMenuItemID
DeleteMenu
ClientToScreen
TrackPopupMenu
SetCapture
GetCapture
WindowFromPoint
GetFocus
DestroyWindow
GetMenu
BeginPaint
EndPaint
LoadCursorA
SetCursor
GetCursorPos
ScreenToClient
GetClientRect
KillTimer
SetTimer
LoadMenuA
GetSubMenu
DestroyMenu
LoadStringA
EnableMenuItem
CheckMenuItem
InvalidateRect
MapVirtualKeyA
GetKeyState
GetForegroundWindow
WaitForInputIdle
DialogBoxParamW
DialogBoxParamA
MessageBoxA
SystemParametersInfoA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
PostMessageA
EndDialog
SetWindowLongA
GetParent
GetWindowRect
GetDesktopWindow
SetWindowPos
LoadIconA
GetDlgItem
SendMessageA
SetFocus
GetMenuItemCount
GetMenuItemInfoA
GetSystemMetrics
InsertMenuItemA
MonitorFromWindow
GetDC
ReleaseDC
FillRect
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
SendInput
GetKeyboardLayout
GetDoubleClickTime
SetWindowTextA

gdi32

StretchBlt
SetStretchBltMode
GetStretchBltMode
SelectObject
RealizePalette
SelectPalette
CreateDIBSection
BitBlt
GetDIBits
CreateCompatibleBitmap
GetDeviceCaps
GetStockObject
CreateFontIndirectA
SetBkMode
SetTextAlign
IntersectClipRect
SelectClipRgn
ExtTextOutW
SetTextColor
GetTextMetricsA
GetTextAlign
GetBkMode
CreateSolidBrush
EnumFontFamiliesA
SetTextCharacterExtra
GetClipRgn
CreateRectRgn
DPtoLP
GetTextExtentPoint32W
GetCurrentObject
EndPage
BeginPath
EndPath
GetBkColor
CreatePen
GetTextExtentPoint32A
CreatePalette
GetSystemPaletteEntries
GetClipBox
LPtoDP
StartDocA
EndDoc
StrokePath
ExtCreatePen
FillPath
StretchDIBits
CreateDCA
GetObjectA
RestoreDC
SaveDC
SelectClipPath
PolyBezierTo
DeleteObject
SetBkColor
ExtTextOutA
DeleteDC
CreateCompatibleDC
GdiFlush
GetTextColor
StartPage
LineTo
MoveToEx
SetPolyFillMode
GetPixel

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameW
GetOpenFileNameW
PrintDlgA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

DragQueryFileA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
DragQueryFileW
SHAppBarMessage
DragAcceptFiles
SHBrowseForFolderA

ole32

CoTaskMemFree
CoCreateInstance
CoFreeUnusedLibraries
CoTaskMemAlloc
CoUninitialize
CoInitialize

ws2_32

select
ioctlsocket
ntohl
gethostname
WSAAddressToStringA
recvfrom
getsockname
setsockopt
sendto
send
recv
WSASetLastError
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
WSAStartup
WSASocketA
socket
WSAIoctl
WSAGetLastError
WSAAsyncSelect
closesocket
WSACleanup
connect

Exports

Exports

pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_fullinfo
pcre_malloc
pcre_stack_free
pcre_stack_malloc

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 316KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5e4f7f5c32dbfff9f02df33516a7d83

Headers

File Characteristics

PDB Paths

Imports

wininet

crypt32

version

winmm

oleaut32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

ws2_32

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 260KB - Virtual size: 258KB

.data Size: 196KB - Virtual size: 1.0MB

.rodata Size: 4KB - Virtual size: 192B

.rsrc Size: 316KB - Virtual size: 314KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 260KB - Virtual size: 258KB

.data
Size: 196KB - Virtual size: 1.0MB

.rodata
Size: 4KB - Virtual size: 192B

.rsrc
Size: 316KB - Virtual size: 314KB