1ade1482deeab31a4b80a247fa2a7586

Sharing

Copy URL Twitter E-mail

General

Target

1ade1482deeab31a4b80a247fa2a7586
Size

455KB
MD5

1ade1482deeab31a4b80a247fa2a7586
SHA1

b62d2a867357148449cabe8f5d0c5d8a3bf67b97
SHA256

bb17e7483b7bd0f0e88146cc41b73fa6178875a2493bbb9991841009eac84c49
SHA512

37371ba084123c51a10aa4222d20e6113154662847ca5fe86007c11c01bbef1fee21752f98b1edd1dac0d81f783158d560de6b5e14282101a6eddde24a859425
SSDEEP

12288:RUh7lRc9ZNqzBheew6J/o6GmWIaUISLN9vptwzAmPXr:RwRq/chetaAEXvptUr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ade1482deeab31a4b80a247fa2a7586

Files

1ade1482deeab31a4b80a247fa2a7586
.exe windows:5 windows x86 arch:x86

a58d58652bc1a4b42f5a0d86399c1b39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSALookupServiceNextW
getnameinfo
WSASendTo
WSAStringToAddressA
WSALookupServiceEnd
WSALookupServiceBeginW
WSASocketW
WSAIoctl
freeaddrinfo
WSAAddressToStringA
WSAEventSelect
WSARecvFrom
getaddrinfo
WSAAddressToStringW

crypt32

CryptUnprotectData
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext

dnsapi

DnsReplaceRecordSetW
DnsValidateName_A
DnsApiFree

shell32

ExtractIconW
Shell_NotifyIconW

wmi

WmiNotificationRegistrationW

advapi32

RegQueryValueExA
CryptSetProviderA
RegEnumKeyExW
RegQueryInfoKeyA
RegDeleteValueW
RegEnumKeyExA
CryptAcquireContextA
CryptVerifySignatureA
RegDeleteKeyW
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegEnumValueW
RegQueryValueExW
RegDeleteValueA
CryptSignHashA
RegQueryInfoKeyW
RegEnumValueA
RegCreateKeyExW
RegSetValueExW

rpcrt4

RpcBindingFromStringBindingW
NdrClientCall2

comctl32

ImageList_GetIconSize
ImageList_Draw
CreateToolbarEx
ImageList_Destroy
InitCommonControlsEx
PropertySheetW
CreatePropertySheetPageW

kernel32

SetFileTime
SetThreadPriority
GetACP
LockResource
FormatMessageW
GetFileAttributesA
GetLocaleInfoW
GetUserDefaultLCID
FindNextFileW
UnlockFile
RtlUnwind
GetCommandLineW
LCMapStringA
GetProcessHeap
SetEvent
GetVersionExW
SizeofResource
HeapDestroy
EnterCriticalSection
GetFileAttributesW
FileTimeToLocalFileTime
TlsGetValue
SuspendThread
ResumeThread
lstrlenW
GetVersion
CompareStringW
lstrcmpA
VirtualAlloc
CloseHandle
GetSystemInfo
HeapFree
ResetEvent
FatalAppExitA
RaiseException
GetCurrentThread
InterlockedDecrement
GetDriveTypeW
SetErrorMode
GlobalGetAtomNameW
HeapCreate
MulDiv
GlobalLock
IsValidCodePage
FileTimeToSystemTime
TerminateProcess
WritePrivateProfileStringW
GetStdHandle
DuplicateHandle
SetFileAttributesW
InitializeCriticalSection
WaitForSingleObject
GlobalSize
GlobalAlloc
HeapAlloc
LockFile
TlsSetValue
FreeResource
UnhandledExceptionFilter
GlobalDeleteAtom
GetPrivateProfileIntW
GlobalHandle
CreateEventW
TlsFree
GlobalFlags
VirtualFree
DeleteFileW
LCMapStringW
LocalReAlloc
lstrcmpW
LoadResource
TlsAlloc
InterlockedIncrement
GetVolumeInformationW
GetCurrentProcess
FreeEnvironmentStringsW
ExitThread
GetOEMCP
lstrcpyA
SetCurrentDirectoryA
ConvertDefaultLocale
FindClose
GetStartupInfoW
IsDebuggerPresent
GetCurrentDirectoryA
GetLastError
GlobalFindAtomW
lstrlenA
GetStringTypeExW
GetShortPathNameW
GetVersionExA
LeaveCriticalSection
SetHandleCount
SetLastError
Sleep
GlobalUnlock
SetEndOfFile
GetEnvironmentStrings
ReadFile
DeleteCriticalSection
CreateFileW
FlushFileBuffers
WideCharToMultiByte
GetFullPathNameW
SetFilePointer
GlobalAddAtomW
FindResourceW
GetEnvironmentStringsW
LoadLibraryA
GetAtomNameW
CompareStringA
SystemTimeToFileTime
CreateThread
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
LocalAlloc
FindFirstFileW
GetFileSize
EnumResourceLanguagesW
FreeEnvironmentStringsA
GlobalFree
ExitProcess
lstrcmpiW
WriteFile
GetFileTime
CopyFileW
HeapReAlloc
InterlockedExchange
GetPrivateProfileStringW
CreateProcessW
GetModuleFileNameW
GetModuleHandleA
GetThreadLocale
MoveFileW
LocalFileTimeToFileTime
GlobalReAlloc
GetCommandLineA
SetUnhandledExceptionFilter
HeapSize

comdlg32

PrintDlgA
GetOpenFileNameA

msvcrt

wcscpy
_ltoa
atol
malloc
strtoul
_wcsicmp
_itow
_snwprintf
_initterm
wcschr
free
_adjust_fdiv
strncmp
isxdigit
wcscmp
__dllonexit
_wcsnicmp
memmove
wcscat
_ltow
_onexit
wcslen
sprintf
qsort
isdigit
_except_handler3
isupper
bsearch
strncpy

Sections

.data
Size: 35KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a58d58652bc1a4b42f5a0d86399c1b39

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

dnsapi

shell32

wmi

advapi32

rpcrt4

comctl32

kernel32

comdlg32

msvcrt

Sections

.data Size: 35KB - Virtual size: 1.8MB

.rsrc Size: 16KB - Virtual size: 15KB

.rdata Size: 359KB - Virtual size: 358KB

.text Size: 44KB - Virtual size: 44KB

.data
Size: 35KB - Virtual size: 1.8MB

.rsrc
Size: 16KB - Virtual size: 15KB

.rdata
Size: 359KB - Virtual size: 358KB

.text
Size: 44KB - Virtual size: 44KB