1b1ee62546f4822144136b35271e57a134a7fcf22e37c1b73116ed4ac528720f

Sharing

Copy URL Twitter E-mail

General

Target

1b1ee62546f4822144136b35271e57a134a7fcf22e37c1b73116ed4ac528720f
Size

13KB
MD5

0110741fa51d0bbfbfc60080c87ab46b
SHA1

c45497d788cf54a7d52e4033345b44239c02f369
SHA256

1b1ee62546f4822144136b35271e57a134a7fcf22e37c1b73116ed4ac528720f
SHA512

35160a8badb8f3c1b872070d838b57f19a9fb6df1067c3006fe5913804a5bce71dabc5911e006bd6d0e69221b455512c86bd3758b36b8b66a5da53ea8e050e15
SSDEEP

192:627/8OXxSayLQn/pnZhf05jnv45H4H5sK2+s:6u0OB3nNZhf0BkH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b1ee62546f4822144136b35271e57a134a7fcf22e37c1b73116ed4ac528720f

Files

1b1ee62546f4822144136b35271e57a134a7fcf22e37c1b73116ed4ac528720f
.exe windows:6 windows x64

c59fc84443bb4f52e3d68a76bcd8f202

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
OutputDebugStringW
CloseHandle
CreateEventW
GetModuleHandleW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
IsDebuggerPresent

vcruntime140

memset
__vcrt_InitializeCriticalSectionEx
__C_specific_handler

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
__p__commode
_set_fmode

api-ms-win-crt-runtime-l1-1-0

terminate
__p___argv
__p___argc
_exit
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_c_exit
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c59fc84443bb4f52e3d68a76bcd8f202

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 420B

.gfids Size: 512B - Virtual size: 36B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 40B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 420B

.gfids
Size: 512B - Virtual size: 36B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 40B