1ecf254f162fd5exeexeexeex[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1ecf254f162fd5exeexeexeex.exe
Size

3.6MB
MD5

1ecf254f162fd51b05cb6afd22a1c75d
SHA1

68f411f96fa3fc22ffa087a5be871bbb8d441e6e
SHA256

eb3f61d708df7af9691f419448f78bed578c76c08692e53d94b1c64acc77093e
SHA512

aeaa276c8302aa1124670be678d7021534e1227e4572fb4c6924c63758c11a5e3fda6fe9ec5784bdee3a7b77777b7dfe16d3107ee08562dc9726d076ea8ee9e5
SSDEEP

49152:0s6RxZM01o53k0oR6TtZza0xK/MMz2kev/6C4Zejeg6CIhdxa0rE7CQIV:0XTZoRVjTfa6K/72t6JZ/Na0+C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ecf254f162fd5exeexeexeex.exe

Files

1ecf254f162fd5exeexeexeex.exe
.exe windows x86

29a281eea859309c381d8a2211bc81b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetSystemInfo
GetSystemDirectoryA
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
GetNativeSystemInfo
GetComputerNameA
IsBadReadPtr
GetModuleHandleExA
Process32First
Process32Next
GetTickCount64
CreateDirectoryA
CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileSizeEx
RemoveDirectoryA
SetEndOfFile
SetFilePointer
WriteFile
CloseHandle
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetProcessTimes
SwitchToThread
GetTickCount
MapViewOfFileEx
UnmapViewOfFile
GetProcAddress
LocalFree
FormatMessageA
CreateSemaphoreA
CreateFileMappingA
OpenProcess
GetSystemTimeAsFileTime
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableA
SetCurrentDirectoryA
GetFileAttributesA
GetFullPathNameA
GetSystemTime
FileTimeToSystemTime
GetTimeZoneInformation
GetStdHandle
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetFileTime
FlushFileBuffers
GetFileTime
SetLastError
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleW
GetModuleHandleExW
GetCPInfo
CreateFileW
GetFileType
RaiseException
GetStringTypeW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
SetFilePointerEx
SetStdHandle
HeapReAlloc
HeapSize
IsValidCodePage
GetOEMCP
GetModuleFileNameW
WriteConsoleW
EncodePointer
DecodePointer
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDriveTypeA
GetThreadContext
GetLogicalDrives
DeviceIoControl
GetOverlappedResult
CreateEventW
EnumSystemFirmwareTables
GetSystemFirmwareTable
OpenMutexA
CreateToolhelp32Snapshot
GetCommandLineA
FindNextFileW
FindFirstFileExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
GetModuleHandleA
GetModuleFileNameA
VirtualQuery
VirtualProtect
GetVersionExA
SetPriorityClass
SetThreadPriority
GetCurrentThread
TerminateProcess
HeapFree
GetCurrentDirectoryA
SetConsoleCtrlHandler
GetACP
SystemTimeToFileTime
GetLocalTime
GetTempPathA
GetDiskFreeSpaceA
GetUserDefaultUILanguage
GetExitCodeThread
GetCurrentThreadId
DuplicateHandle
SetThreadContext
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
Sleep
GetProcessHeap
HeapAlloc
ReadFile
HeapCreate
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeSListHead
SetEvent
ResetEvent
WaitForSingleObjectEx
GetCommandLineW

user32

MessageBoxA
MessageBoxW
DrawMenuBar
GetSystemMenu
GetSystemMetrics
LoadStringA
AppendMenuA
EnumDisplayDevicesA
CharUpperBuffA
CharLowerBuffA

advapi32

SetSecurityDescriptorDacl
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

psapi

GetModuleFileNameExA

powrprof

PowerReadFriendlyName

ntdll

RtlRemoveVectoredExceptionHandler
RtlAddVectoredExceptionHandler

Sections

__wibu00
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu01
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu02
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu03
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu04
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu05
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu06
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu07
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu08
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu09
Size: 83KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu0a
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

29a281eea859309c381d8a2211bc81b1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

psapi

powrprof

ntdll

Sections

__wibu00 Size: 604KB - Virtual size: 604KB

__wibu01 Size: 7KB - Virtual size: 6KB

__wibu02 Size: - Virtual size: 2KB

__wibu03 Size: 9KB - Virtual size: 8KB

__wibu04 Size: - Virtual size: 16B

__wibu05 Size: 512B - Virtual size: 24B

__wibu06 Size: 36KB - Virtual size: 36KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

__wibu07 Size: 1.2MB - Virtual size: 1.2MB

__wibu08 Size: 5KB - Virtual size: 8KB

__wibu09 Size: 83KB - Virtual size: 96KB

__wibu0a Size: 95KB - Virtual size: 96KB

__wibu00
Size: 604KB - Virtual size: 604KB

__wibu01
Size: 7KB - Virtual size: 6KB

__wibu02
Size: - Virtual size: 2KB

__wibu03
Size: 9KB - Virtual size: 8KB

__wibu04
Size: - Virtual size: 16B

__wibu05
Size: 512B - Virtual size: 24B

__wibu06
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

__wibu07
Size: 1.2MB - Virtual size: 1.2MB

__wibu08
Size: 5KB - Virtual size: 8KB

__wibu09
Size: 83KB - Virtual size: 96KB

__wibu0a
Size: 95KB - Virtual size: 96KB