1b01f9aca65a2e6047405951d31bc0f1

Sharing

Copy URL Twitter E-mail

General

Target

1b01f9aca65a2e6047405951d31bc0f1
Size

175KB
MD5

1b01f9aca65a2e6047405951d31bc0f1
SHA1

fd8821ef07fd32fa93970d6d8db8d6b0190446be
SHA256

688521ac252df09b66552d4a9746a58b584a870a6940ed8885ab54eafb41394d
SHA512

62307ff9e780b8ecbaebb22b2dfb7349a0079b57eb607185d2c651c0a91fa4114e992f631c4b7ab6ffa9faaa087ee91e90108654a9893f33072dd3fd5a18dbff
SSDEEP

3072:cuLPyB/LD3dUcCDwtLFbik/MlJ9EOK3UtEBW0dZbZ1a7aWGrfGzIqMLsWHqU0Mmb:cRBBCDwt9ikm0OKEyW0dZ91waW2fGzWU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b01f9aca65a2e6047405951d31bc0f1

Files

1b01f9aca65a2e6047405951d31bc0f1
.dll windows:6 windows x86 arch:x86

60e9f3380fce189dae48056ca736a4e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA

kernel32

ExitProcess
CreateSemaphoreA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject
ReleaseSemaphore
GetTempPathA
WriteConsoleW
SetEndOfFile
HeapSize
GetStringTypeW
FlushFileBuffers
SetStdHandle
CreateFileW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetFilePointerEx
GetFileSizeEx
CreateDirectoryA
HeapReAlloc
GetFileType
GetStdHandle
TerminateProcess
OpenProcess
Process32First
Process32Next
CreateToolhelp32Snapshot
GetDriveTypeA
FindClose
FindNextFileA
FindFirstFileA
CloseHandle
GetLastError
GetCurrentThread
lstrcatA
GlobalMemoryStatus
GetSystemInfo
GetModuleHandleA
GetVersionExA
lstrcpyA
LocalAlloc
GetComputerNameA
Sleep
GetTickCount
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
MoveFileA
CopyFileA
ResumeThread
SuspendThread
DeleteFileA
GetModuleFileNameA
ReadFile
PeekNamedPipe
CreateProcessA
DecodePointer
GetEnvironmentVariableA
CreatePipe
ExitThread
TerminateThread
CreateFileA
CreateThread
GetConsoleOutputCP
LCMapStringW
HeapFree
HeapAlloc
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
GetModuleHandleExW
RaiseException
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileAttributesA
WriteFile

user32

GetWindowDC
GetDC
ReleaseDC
GetSystemMetrics
wsprintfA
PostQuitMessage
GetForegroundWindow
GetWindowTextA
GetWindow
IsWindowVisible
ShowWindow
CreateDialogParamA
GetMessageA
TranslateMessage
DispatchMessageA
CallNextHookEx
GetKeyboardState
GetKeyState
ToUnicodeEx
ToAsciiEx
SetWindowsHookExA
UnhookWindowsHookEx
ExitWindowsEx
GetDesktopWindow
IsWindow
SendMessageA
DestroyWindow

advapi32

RegQueryValueExA
RegCloseKey
OpenProcessToken
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
GetUserNameA
QueryServiceConfigA
EnumServicesStatusA
ControlService
QueryServiceStatusEx
CloseServiceHandle
StartServiceA
OpenServiceA
RegOpenKeyExA

gdi32

SaveDC
SetPixel
GetPixel
DeleteObject
RestoreDC
BitBlt
SelectObject
DeleteDC
CreateDIBSection
GetDeviceCaps
CreateCompatibleDC
CreateDCA
SetDIBits
CreateCompatibleBitmap
GetDIBits
GetObjectA

ws2_32

gethostname
WSAGetLastError
send
WSACleanup
closesocket
inet_addr
htons
inet_ntoa
connect
WSAAsyncSelect
recv
WSASetLastError
bind
listen
accept
socket
gethostbyname
WSAStartup

winmm

mciSendStringA

gdiplus

GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipLoadImageFromFile
GdipDisposeImage
GdipCloneImage
GdipFree
GdipLoadImageFromFileICM

ntdll

RtlUnwind

userenv

GetUserProfileDirectoryA

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

Exports

Exports

?KeyEvent@@YGJHIJ@Z

Sections

.data
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60e9f3380fce189dae48056ca736a4e5

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

user32

advapi32

gdi32

ws2_32

winmm

gdiplus

ntdll

userenv

avicap32

Exports

Exports

Sections

.data Size: 161KB - Virtual size: 160KB

.bss Size: - Virtual size: 32KB

.idata Size: 6KB - Virtual size: 5KB

.reloc Size: 7KB - Virtual size: 6KB

.data
Size: 161KB - Virtual size: 160KB

.bss
Size: - Virtual size: 32KB

.idata
Size: 6KB - Virtual size: 5KB

.reloc
Size: 7KB - Virtual size: 6KB