1bd19d36fe54b4695230d91f695bf51e

Sharing

Copy URL Twitter E-mail

General

Target

1bd19d36fe54b4695230d91f695bf51e
Size

42KB
MD5

1bd19d36fe54b4695230d91f695bf51e
SHA1

a13b5df85a935738d3bad402eacabeb2a2df5340
SHA256

34a9710552e6ca181585b5a2d6c0df20abd4da2aa0cc91e17fd8d39110387ca1
SHA512

c2c18e15558991c7f2e34c7a782f8ae395616db68485622cdf4442767bb90409cc25f8da23f198cafbc80c32fe05f52f3b0325fdda4d847c9de8fd3be2652e76
SSDEEP

768:6Q8OPlSjDeKUCl3VGNVFSMrGSgHArQgIPsHtNr4WuuZ4Ggrsx2csCBTZWKGw2/A2:kKwj6KPKSMrGNArQgI+546hDRBS/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/photo.exe

Files

1bd19d36fe54b4695230d91f695bf51e
.zip
photo.exe
.exe windows:4 windows x86 arch:x86

7809afa81e2d1f3147e75dae16491b93

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohl
htonl
bind
closesocket
getsockname
gethostbyname
WSAStartup
setsockopt
send
listen
accept
WSACleanup
inet_addr
shutdown
recv
inet_ntoa
socket
htons
ioctlsocket
connect
select

advapi32

GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA

kernel32

GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
SetEndOfFile
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalFree
RaiseException
IsBadCodePtr
GetFileAttributesA
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryA
InterlockedDecrement
GetTickCount
Sleep
CopyFileA
GetProcAddress
LoadLibraryA
MultiByteToWideChar
SetFileTime
CloseHandle
GetFileTime
CreateFileA
SetFileAttributesA
ExitThread
GetSystemDirectoryA
CreateDirectoryA
GetModuleFileNameA
GlobalFree
UnmapViewOfFile
lstrlenA
MapViewOfFile
CreateFileMappingA
SetFilePointer
WriteFile
GetFileSize
FindClose
FindNextFileA
lstrcatA
GetFullPathNameA
SetCurrentDirectoryA
FindFirstFileA
GetDriveTypeA
LeaveCriticalSection
EnterCriticalSection
CreateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
ExitProcess
CreateProcessA
WaitForSingleObject
CreateMutexA
SetErrorMode
GetTempPathA
GetLastError
GetVersionExA
TerminateThread
ExpandEnvironmentStringsA
HeapSize
GetModuleHandleA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
SetHandleCount
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCurrentProcess
TerminateProcess
ReadFile
LCMapStringW
LCMapStringA
WideCharToMultiByte
GetVersion
GetCommandLineA
GetStartupInfoA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
HeapFree
HeapAlloc
RtlUnwind

user32

SetClipboardData
OpenClipboard
CloseClipboard
EmptyClipboard
VkKeyScanA
keybd_event
ShowWindow
SetFocus
FindWindowA
GetWindowThreadProcessId
CharLowerA
BlockInput
SetForegroundWindow

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
VariantInit
SysAllocString
SysFreeString
VariantClear

shfolder

SHGetFolderPathA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7809afa81e2d1f3147e75dae16491b93

Headers

File Characteristics

Imports

ws2_32

advapi32

wininet

kernel32

user32

ole32

oleaut32

shfolder

version

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 9KB - Virtual size: 22KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 9KB - Virtual size: 22KB