1fa05d5cf417ddabdfb43578cf6e6704d36d6a721c5994d97fe8e92fdd6be0fc

Sharing

Copy URL Twitter E-mail

General

Target

1fa05d5cf417ddabdfb43578cf6e6704d36d6a721c5994d97fe8e92fdd6be0fc
Size

736KB
MD5

938f575686c664c942c4d7258f0e5434
SHA1

88e51a8ea0c29dd5d8caa271381d924609bed39a
SHA256

1fa05d5cf417ddabdfb43578cf6e6704d36d6a721c5994d97fe8e92fdd6be0fc
SHA512

37a54ec139692905b8a9565b848f2aacfd7528e15bf778c74b2bef37d67f84251b76cb9596a265a8e93d71251531a65a10c896949cee2bab7d4d168412c165c7
SSDEEP

1536:YIaLoIjYl8tGBWcXmSYiw0RuZaUSuAx2M7y/vPrHCnUV3UplimcnL/5qcGkPy5vI:rOor8spAl6buwiAUcanL/5qW9A1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1fa05d5cf417ddabdfb43578cf6e6704d36d6a721c5994d97fe8e92fdd6be0fc

Files

1fa05d5cf417ddabdfb43578cf6e6704d36d6a721c5994d97fe8e92fdd6be0fc
.exe windows x86

646b30bd620faebabafc1c73afe9fa2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
MultiByteToWideChar
ReadFile
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
FlushFileBuffers
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
GetProcessHeap
WriteConsoleW
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
CreateFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetStartupInfoA
GetProcAddress
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetLastError
HeapFree
CloseHandle
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapAlloc
RaiseException
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP

user32

LoadBitmapA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
EndDialog
KillTimer
SetTimer
DialogBoxParamA
DestroyWindow
DefWindowProcA
BeginPaint
EndPaint
InvalidateRect
PostQuitMessage
CreateWindowExA
GetSystemMetrics
MoveWindow
GetDC
ReleaseDC
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
LoadAcceleratorsA

gdi32

Rectangle
GetTextExtentPoint32A
GetPixel
SetBkColor
SetTextColor
TextOutA
DeleteDC
CreateCompatibleDC
CreateFontA
GetStockObject
MoveToEx
LineTo
SelectObject
BitBlt
GetObjectA
DeleteObject
CreateSolidBrush

wininet

FtpGetFileSize
FtpOpenFileA
InternetConnectA
InternetOpenA
InternetReadFile

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 633KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

646b30bd620faebabafc1c73afe9fa2e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

wininet

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 633KB - Virtual size: 633KB

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 633KB - Virtual size: 633KB