1[.]mem | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1.mem
Size

39KB
MD5

da25f99b66678849dbafdfb0c887725b
SHA1

e7b9b076d391ab5048ec7fc111ea69983480fd18
SHA256

d1424d2264e2e1e4714ecc2718eaa584e5ddc704a5bd2db764f098ae99b9ecb2
SHA512

a2a27b949ae39f25b549f8d488a001be90bb7b6d6c8bb5c07dd2c4ed99946f259697fe6bd9e895862c4d5f03333a0f847bbfcc2a72e5a61aaef9264438a4ba7e
SSDEEP

768:UrkOnD/pEPLoIyyMV93DDQjk+RyONpPy208:hqtEP0Iy79gAQNl28

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1.mem

Files

1.mem
.dll windows x86

2a72f1f8ad2606d9cd9d7d7dbcb691f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetVersionExA
CreateProcessA
GetModuleHandleA
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
MoveFileA
GetCurrentProcess
OutputDebugStringA
HeapAlloc
GetProcessHeap
VirtualProtect
HeapFree
SetEvent
WaitForSingleObject
CreateEventA
GetFileAttributesA
CloseHandle
FreeLibrary
CreateMutexA
GetLastError
ExitProcess
GetLocalTime
CreateFileA
WriteFile
GlobalMemoryStatusEx
GetDriveTypeA
GetDiskFreeSpaceExA
GetComputerNameA
GetModuleFileNameA
lstrcatA
GetTickCount
lstrlenA
LocalAlloc
LocalSize
LocalFree
lstrcpyA
VirtualFree
Sleep
InterlockedExchange
VirtualAlloc
CopyFileA

user32

FindWindowA
GetLastInputInfo
GetWindowTextA
wsprintfA
GetSystemMetrics
GetClassNameA
GetWindow

advapi32

RegCloseKey
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegQueryValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
OpenSCManagerA
OpenServiceA
DeleteService
OpenEventLogA
ClearEventLogA
CloseEventLog
CloseServiceHandle
RegOpenKeyA
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

ole32

CoUninitialize
CoCreateGuid
CoInitialize

msvcrt

strcspn
_stricmp
_strupr
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
strchr
_beginthreadex
??3@YAXPAX@Z
memcpy
ceil
_ftol
__CxxFrameHandler
memset
??2@YAPAXI@Z
memcmp
_CxxThrowException
strlen
strcpy
exit
strstr
strncpy
strrchr
sprintf
atoi
_strcmpi
rand
malloc
memmove
_snprintf
realloc
strcat
strcmp
_except_handler3
free

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Exports

Exports

Shellex

Sections

.text
Size: 20KB - Virtual size: 256.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 256.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 256.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 256.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a72f1f8ad2606d9cd9d7d7dbcb691f6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcrt

urlmon

wininet

wtsapi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 256.0MB

.rdata Size: 8KB - Virtual size: 256.0MB

.data Size: 8KB - Virtual size: 256.0MB

.reloc Size: 4KB - Virtual size: 256.0MB

.text
Size: 20KB - Virtual size: 256.0MB

.rdata
Size: 8KB - Virtual size: 256.0MB

.data
Size: 8KB - Virtual size: 256.0MB

.reloc
Size: 4KB - Virtual size: 256.0MB