1b5476583cc6b4fa5cd1f7e26cc1ef81cb4e1ce4c1840694a5a7fc244cbb736a

Sharing

Copy URL Twitter E-mail

General

Target

1b5476583cc6b4fa5cd1f7e26cc1ef81cb4e1ce4c1840694a5a7fc244cbb736a
Size

1.4MB
MD5

e88b5e649f5bbfadf30821c3de010e20
SHA1

610e0ba939fdb9ea45efc1f2ad63d6d0b0ac4bc3
SHA256

1b5476583cc6b4fa5cd1f7e26cc1ef81cb4e1ce4c1840694a5a7fc244cbb736a
SHA512

0024ac19197cfcc02f56a9de706734983179f1be14fd20a2505d4905d07d1c18254ed5b9efbf0e5e6ee8f95419666f8fd853f996fd7ad95586a4664e5bbc0046
SSDEEP

24576:JMlLAta2HCP6GyNZ3VVH79FP5hdgRp51ey6qth77rDrjdAT9bImIiMpFgnusg:JMlLr2iP67VhI3PeyBrDrJA3Eeg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b5476583cc6b4fa5cd1f7e26cc1ef81cb4e1ce4c1840694a5a7fc244cbb736a

Files

1b5476583cc6b4fa5cd1f7e26cc1ef81cb4e1ce4c1840694a5a7fc244cbb736a
.exe windows x86

e9aa112a96583a5de2a46420d814be9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
Sleep
CloseHandle
GetCurrentThreadId
SetLastError
InitializeCriticalSection
DeleteCriticalSection
GetLastError
CreateMutexW
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
WriteFile
CreateFileW
FindAtomW
GlobalAddAtomW
GetTickCount
WideCharToMultiByte
lstrcpyW
FindNextFileW
FindClose
GetFullPathNameW
FindFirstFileW
CreateFileA
GetTempPathA
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetSystemTimeAsFileTime
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTempFileNameW
MoveFileW
MoveFileExW
CopyFileW
GetDriveTypeW
GetModuleHandleW
GetModuleFileNameW
MulDiv
RaiseException
GetPrivateProfileStringW
GetFileAttributesW
GetTempPathW
lstrcmpiA
DeviceIoControl
SetEnvironmentVariableW
GlobalFindAtomW
GetFileSizeEx
SystemTimeToFileTime
LocalFileTimeToFileTime
ReleaseMutex
FormatMessageW
GetSystemTime
LocalFree
lstrcmpA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
SetFileAttributesW
CreateDirectoryW
WritePrivateProfileStringW
lstrlenA
OutputDebugStringW
DebugBreak
InterlockedIncrement
RemoveDirectoryW
GetProcAddress
DeleteFileW
GetSystemDirectoryW
LoadLibraryW
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
LCMapStringW
QueryPerformanceCounter
GetStartupInfoA
InterlockedCompareExchange
GetStdHandle
SetEndOfFile
SetFileTime
ReadFile
GetFileSize
UnmapViewOfFile
SetFilePointer
MapViewOfFile
CreateFileMappingW
FindResourceExW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetFileTime
GetExitCodeProcess
WaitForSingleObject
lstrlenW
InterlockedDecrement
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeLibrary
SetFilePointerEx
FreeEnvironmentStringsW
GetConsoleMode
GetLongPathNameW
TerminateProcess
GetConsoleCP
GetModuleFileNameA
HeapCreate
OpenProcess
GetCurrentProcessId
GetEnvironmentVariableW
GetVersionExW
LockResource
GetFileAttributesExW
OpenThread
CreateToolhelp32Snapshot
Module32FirstW
SuspendThread
Module32NextW
Thread32First
Thread32Next
IsValidCodePage

user32

wvsprintfW
SendMessageTimeoutW
LoadStringW
CharNextW
SendMessageW
FindWindowW
CreateWindowExW
DestroyWindow
GetWindowLongW
SetWindowPos
GetWindowRect
GetClientRect
InvalidateRect
ShowWindow
IsWindowVisible
RedrawWindow
UpdateWindow
GetDC
ReleaseDC
GetActiveWindow
MessageBoxW
GetWindowPlacement
CopyRect
KillTimer
SetTimer
PostMessageW
ScreenToClient
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
BringWindowToTop
GetSystemMetrics
LoadImageW
LoadIconW
CreateDialogParamW
IsIconic
PostQuitMessage
InflateRect
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
IsDialogMessageW
MoveWindow
GetSystemMenu
SetWindowTextW
EnableMenuItem
GetWindowThreadProcessId
wsprintfW
ExitWindowsEx
UnregisterClassA
IsWindowEnabled
EnableWindow
CharUpperW
GetWindowTextLengthW
GetWindowTextW
MapWindowPoints
MessageBeep
SetFocus
SetWindowLongW
IsWindow
GetDlgItem
SetDlgItemTextW

gdi32

DeleteObject
GetStockObject

advapi32

RegSetValueExW
RegEnumKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW
ord680
SHBrowseForFolderW
ord165
SHFileOperationW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateGuid
CoUninitialize
CoInitialize
OleRun
CoCreateInstance
CoTaskMemFree

oleaut32

SystemTimeToVariantTime
VarUdateFromDate
VariantTimeToSystemTime
VariantInit
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysAllocString
VarUI4FromStr
SysFreeString

shlwapi

PathRemoveExtensionW
PathFindFileNameW
PathIsDirectoryW
SHSetValueW
SHGetValueW
SHDeleteValueW
PathMatchSpecW
StrRetToStrW
PathIsPrefixW
PathRemoveFileSpecW
SHSetValueA
PathCombineA
PathAppendA
PathFindExtensionW
wnsprintfW
PathFileExistsW
PathCombineW
PathAppendW
PathIsRelativeW
SHDeleteKeyW
SHGetValueA

comctl32

InitCommonControlsEx

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

netapi32

Netbios

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW
EnumProcesses

setupapi

SetupIterateCabinetW

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 889KB - Virtual size: 889KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9aa112a96583a5de2a46420d814be9c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

urlmon

iphlpapi

wininet

netapi32

version

psapi

setupapi

Sections

.text Size: 406KB - Virtual size: 406KB

.rdata Size: 81KB - Virtual size: 81KB

.data Size: 17KB - Virtual size: 28KB

.rsrc Size: 889KB - Virtual size: 889KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 406KB - Virtual size: 406KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 17KB - Virtual size: 28KB

.rsrc
Size: 889KB - Virtual size: 889KB

.reloc
Size: 33KB - Virtual size: 33KB