1d1d6e305844ab0911a1c4ecd6c1c8f1d9d54156f0dd594a27d903cece392738

Sharing

Copy URL Twitter E-mail

General

Target

1d1d6e305844ab0911a1c4ecd6c1c8f1d9d54156f0dd594a27d903cece392738
Size

212KB
MD5

681a5e7c84bd627ec8495e5fd2fa0152
SHA1

b99ab2234496cf3e98247b286276aa57b38918f1
SHA256

1d1d6e305844ab0911a1c4ecd6c1c8f1d9d54156f0dd594a27d903cece392738
SHA512

4027cd25da4f6e928af8080768c621cdc1eb39b6326fa2095f549a062f9cf4919f197030469f48f9dcec24bd567bc3ad23ba184e2eedbca7b8cf2d553a200bec
SSDEEP

3072:s3MBTvdWeOh2NCFX+5iJJRHibqnAYW4OVwbqhtvMiF:s+Jm0CFX+5iIbqJOabqYs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d1d6e305844ab0911a1c4ecd6c1c8f1d9d54156f0dd594a27d903cece392738

Files

1d1d6e305844ab0911a1c4ecd6c1c8f1d9d54156f0dd594a27d903cece392738
.exe windows:4 windows x86 arch:x86

50e41286d0b107f61b4e0e11965457a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate

psapi

GetModuleFileNameExW

kernel32

SetEvent
GetSystemDirectoryW
Process32FirstW
GetNativeSystemInfo
WideCharToMultiByte
OutputDebugStringA
MultiByteToWideChar
HeapDestroy
HeapCreate
LoadLibraryA
GetModuleFileNameW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
FindFirstFileW
HeapAlloc
OpenProcess
FindClose
FileTimeToSystemTime
CreateProcessW
GetPrivateProfileStringW
FreeLibrary
WritePrivateProfileStringW
TerminateProcess
WaitForSingleObject
GetProcAddress
OpenEventW
GetProcessHeap
GetLastError
GetTickCount
Sleep
GetModuleHandleW
CreateToolhelp32Snapshot
Process32NextW
HeapFree
OutputDebugStringW
GetSystemTime
GetCurrentProcess
LoadLibraryW
GetVersionExW
CloseHandle
MoveFileExW
FindNextFileW
SystemTimeToFileTime
GetACP
GetOEMCP
IsValidLocale
EnumSystemLocalesA
GetCurrentThreadId
GetUserDefaultLCID
GetLocaleInfoA
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
SetLastError
TlsFree
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesA
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
GetVersionExA
GetStartupInfoW
GetStringTypeA
GetStringTypeW
RtlUnwind
RaiseException
GetCPInfo
LCMapStringA
LCMapStringW
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
IsValidCodePage

user32

GetWindowLongW
GetClassNameW
GetDesktopWindow
PostMessageW
GetWindowTextW
EnumWindows
EnableWindow
GetDlgItem
FindWindowExW
GetWindowThreadProcessId
wsprintfW
MessageBoxW
ChangeDisplaySettingsW

advapi32

InitializeSecurityDescriptor
RegOpenKeyW
RegSetValueExA
SetNamedSecurityInfoW
CopySid
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
SetSecurityDescriptorDacl
FreeSid
RegQueryValueExA
RegSetValueExW
GetLengthSid
AllocateAndInitializeSid
CreateServiceW
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
OpenServiceW
OpenSCManagerW
AddAccessAllowedAce
AddAccessAllowedAceEx
RegCreateKeyA
RegCreateKeyW
StartServiceW
RegQueryValueExW
InitializeAcl
RegCreateKeyExW
QueryServiceStatusEx
CloseServiceHandle

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize

log4cplusu

?forcedLog@Logger@log4cplus@@QBEXHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBDH@Z
??1Logger@log4cplus@@UAE@XZ
?isEnabledFor@Logger@log4cplus@@QBE_NH@Z
?getInstance@Logger@log4cplus@@SA?AV12@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

libelclogu

?DoConfigure@LibElcLog@ElcComponent@@YAXPB_W@Z

ws2_32

WSCEnumProtocols
WSCInstallProvider
WSACleanup
WSCWriteProviderOrder
WSCDeinstallProvider
WSAStartup

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50e41286d0b107f61b4e0e11965457a2

Headers

File Characteristics

Imports

rpcrt4

psapi

kernel32

user32

advapi32

shell32

ole32

log4cplusu

libelclogu

ws2_32

Sections

.text Size: 148KB - Virtual size: 145KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 20KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 148KB - Virtual size: 145KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 20KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 1KB