1ae5dc1737be930d2518bcac473f4fc63aded8ef730a454c9ee8fc1f7eeb9272

Sharing

Copy URL

Twitter E-mail

General

Target

1ae5dc1737be930d2518bcac473f4fc63aded8ef730a454c9ee8fc1f7eeb9272
Size

88KB
MD5

79e98c674f480b1eb34759bd3e802dbf
SHA1

8e8f60852340e88022324b526781e4f740e37c14
SHA256

1ae5dc1737be930d2518bcac473f4fc63aded8ef730a454c9ee8fc1f7eeb9272
SHA512

138396ea062204f1ec98007d0ce5da9473aab0f98ae14eed59438191f14f6414b6506d0a26872bf66ac07bc5481de72f51421a39028db78bf7c8e166dc891837
SSDEEP

1536:KQrQhL+InnBuF4lEYr9N2jeIBL9P+rNjLVqrtnFae5M+CfWJ:ri5nBUKL4lLkHkrtnFae5M+2W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ae5dc1737be930d2518bcac473f4fc63aded8ef730a454c9ee8fc1f7eeb9272

Files

1ae5dc1737be930d2518bcac473f4fc63aded8ef730a454c9ee8fc1f7eeb9272
.exe windows:5 windows x86

f0008f0b8331ec353b92ac6953bd3389

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
Process32NextW
WriteFile
TerminateProcess
CreateProcessW
GetComputerNameExW
Sleep
CopyFileW
OutputDebugStringW
CreateFileW
GetCurrentProcessId
GetLocalTime
GetModuleFileNameW
GetLastError
WideCharToMultiByte
OpenProcess
CreateDirectoryW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
RtlUnwind
HeapSize
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
ExitProcess
GetStartupInfoW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
RaiseException
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount

advapi32

CryptGenRandom
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
CryptReleaseContext

shell32

SHGetFolderPathW

ws2_32

inet_ntoa
gethostbyname
WSAStartup
recvfrom
sendto
inet_addr
ioctlsocket
closesocket
setsockopt
WSASocketW
htons
WSACleanup
WSAGetLastError
gethostname

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

secur32

GetUserNameExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathFileExistsW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0008f0b8331ec353b92ac6953bd3389

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ws2_32

wtsapi32

secur32

version

shlwapi

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB