1f3a1a6a232ac371ed645205410eabcfb87de7e314aac19469bcc05f0bab054f

Sharing

Copy URL Twitter E-mail

General

Target

1f3a1a6a232ac371ed645205410eabcfb87de7e314aac19469bcc05f0bab054f
Size

8.8MB
MD5

3cbbe3b5f507b74fac359990b1325dee
SHA1

cbf62be237957916a23c7a6013c9d01a39861a8a
SHA256

1f3a1a6a232ac371ed645205410eabcfb87de7e314aac19469bcc05f0bab054f
SHA512

4449c4dd49076e33195cca9a78c2838ecdf4d521a8865e6eb0eb9653a2248ca9a3b46eeb67fa107e1d5257295beb07a3cddb8ff2f1b955c467b91feea6e522e3
SSDEEP

196608:G2tDNNMy7vyLJGwe4Rnc3JnFi93a8PVIS3:vBZ7WRnOP+3HI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f3a1a6a232ac371ed645205410eabcfb87de7e314aac19469bcc05f0bab054f

Files

1f3a1a6a232ac371ed645205410eabcfb87de7e314aac19469bcc05f0bab054f
.exe windows:6 windows x64 arch:x64

725c6d16af0c113c652487fd3f6f19ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ

mfc140u

ord3951

kernel32

VirtualProtectEx
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetShellWindow
CharUpperBuffW

advapi32

RegCloseKey

comctl32

InitCommonControlsEx

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-string-l1-1-0

strcat_s

api-ms-win-crt-heap-l1-1-0

realloc

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-runtime-l1-1-0

_crt_atexit

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-time-l1-1-0

_localtime64

ws2_32

WSACleanup

ntdll

NtQuerySystemInformation

ole32

CoCreateGuid

Sections

.text
Size: - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Cx6
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ieq
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.p5L
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

725c6d16af0c113c652487fd3f6f19ad

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

mfc140u

kernel32

user32

advapi32

comctl32

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

ws2_32

ntdll

ole32

Sections

.text Size: - Virtual size: 114KB

.rdata Size: - Virtual size: 33KB

.data Size: - Virtual size: 3.4MB

.pdata Size: - Virtual size: 4KB

.Cx6 Size: - Virtual size: 3.9MB

.ieq Size: 5KB - Virtual size: 4KB

.p5L Size: 8.8MB - Virtual size: 8.8MB

.rsrc Size: 68KB - Virtual size: 67KB

.text
Size: - Virtual size: 114KB

.rdata
Size: - Virtual size: 33KB

.data
Size: - Virtual size: 3.4MB

.pdata
Size: - Virtual size: 4KB

.Cx6
Size: - Virtual size: 3.9MB

.ieq
Size: 5KB - Virtual size: 4KB

.p5L
Size: 8.8MB - Virtual size: 8.8MB

.rsrc
Size: 68KB - Virtual size: 67KB