1ccab6b3bc3155a6bdbea9ecc8f8e38d125c1c1dc74b6519a4b986297240f796

Sharing

Copy URL

Twitter E-mail

General

Target

1ccab6b3bc3155a6bdbea9ecc8f8e38d125c1c1dc74b6519a4b986297240f796
Size

1.6MB
MD5

827a6d37fb06ced329dfb2ba0760ac0c
SHA1

9d2eb2ec8bda4396f9060801b774ef69ad193c91
SHA256

1ccab6b3bc3155a6bdbea9ecc8f8e38d125c1c1dc74b6519a4b986297240f796
SHA512

27d6268881cb32b5d84e12144a412fa9a803e859d9c057b9558551b4904f6af87dbbe0271881f20a0d11957cb2bd7b5703fda7acef4684453280e1a5b1d421f2
SSDEEP

49152:COIydfuC31HE8gd3VyVeAZIy5GdQ+sdB:CXydfVHElgXGdFsdB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ccab6b3bc3155a6bdbea9ecc8f8e38d125c1c1dc74b6519a4b986297240f796

Files

1ccab6b3bc3155a6bdbea9ecc8f8e38d125c1c1dc74b6519a4b986297240f796
.dll windows:5 windows x86

11088e73a16c555ea4c5f08efda254b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetBinaryTypeW
GetModuleHandleA
GetShortPathNameA
GetSystemTimeAsFileTime
GetOEMCP
Process32FirstW
GetProcessHeap
WaitForSingleObjectEx
GetUserDefaultLCID
MulDiv
SetEndOfFile
HeapDestroy
GetACP
LoadLibraryW

ws2_32

select

shell32

SHSetLocalizedName
ShellExecuteW
SHLoadInProc

esent

JetInit2
JetTerm2

winmm

midiOutUnprepareHeader
mciSendCommandW

winspool.drv

EnumPrinterDataExW
AddPrinterDriverW
DocumentPropertiesW

gdi32

PlayMetaFile
GetStretchBltMode
ResizePalette
CreateDiscardableBitmap
SetMetaRgn
ResetDCA

ole32

CoTaskMemAlloc
CoInitializeSecurity

rpcrt4

RpcBindingVectorFree
UuidCreateNil
NdrSimpleTypeMarshall
I_RpcSsDontSerializeContext
NdrAllocate

avifil32

AVIStreamSampleToTime

opengl32

glPixelStorei

setupapi

SetupUninstallNewlyCopiedInfs
SetupDiGetClassDescriptionExW
SetupDiBuildClassInfoList
SetupDiDeleteDeviceInterfaceData
SetupDiGetClassInstallParamsW
SetupDiCreateDeviceInterfaceRegKeyW

user32

GetNextDlgGroupItem
SetCapture
IsCharAlphaW
GetClipboardViewer
GetMenuContextHelpId
GetUpdateRgn
DefDlgProcA
PostMessageW
InsertMenuA
SetCursorPos

shlwapi

StrCmpNIA

advapi32

AddAccessDeniedObjectAce
CryptEncrypt
GetEffectiveRightsFromAclW
QueryServiceStatus
RegDeleteKeyW
RegCloseKey
LookupPrivilegeValueA
AreAnyAccessesGranted

wininet

InternetReadFileExA
InternetQueryOptionA

oleaut32

SafeArrayCreate
VarBoolFromStr
VarDateFromBool
GetErrorInfo
VectorFromBstr
GetRecordInfoFromGuids

clusapi

ClusterOpenEnum

winscard

g_rgSCardT1Pci

Exports

Exports

IehhzrfLieerati

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11088e73a16c555ea4c5f08efda254b6

Headers

File Characteristics

Imports

kernel32

ws2_32

shell32

esent

winmm

winspool.drv

gdi32

ole32

rpcrt4

avifil32

opengl32

setupapi

user32

shlwapi

advapi32

wininet

oleaut32

clusapi

winscard

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 56KB - Virtual size: 57KB

CODE Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 56KB - Virtual size: 57KB

CODE
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB