1c401f300277d41ffb24c2f24542a87f

Sharing

Copy URL Twitter E-mail

General

Target

1c401f300277d41ffb24c2f24542a87f
Size

408KB
MD5

1c401f300277d41ffb24c2f24542a87f
SHA1

1680bf9043ed124cf211edfb991c986e1b61d847
SHA256

cf223da1b6b54f8f4c057ae7a9d999e9670602e8a477bb3e61e5e4799200fe2d
SHA512

6dd5ce8441e56eb682b1497f96f1125594c3e1621645f7f9ce90885cb025067b1b2a368e40c2ee9dbcd7d345e87e9c1dd7e26afa918e6b371bd05970b9054343
SSDEEP

12288:9V/n8/rPewD6onKugDMGSsDWhzi6oHRQ50ubg:9ajLJni+hzi6UwD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c401f300277d41ffb24c2f24542a87f

Files

1c401f300277d41ffb24c2f24542a87f
.exe windows:4 windows x86 arch:x86

f28fd167830cd1dd9461e64f7f46b865

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetQueryDataAvailable
InternetGetCookieW
GetUrlCacheGroupAttributeA
FindFirstUrlCacheEntryA
DeleteIE3Cache
CreateUrlCacheGroup
GetUrlCacheEntryInfoA
DeleteUrlCacheEntryW
UnlockUrlCacheEntryFile
SetUrlCacheEntryGroupW
CreateUrlCacheContainerW
SetUrlCacheEntryInfoW
FindFirstUrlCacheContainerW
InternetWriteFileExW

comdlg32

ChooseColorA
FindTextW
PageSetupDlgA
PageSetupDlgW

gdi32

CreateRectRgn
SetMagicColors
CreateMetaFileW
Chord
AbortDoc
ExtTextOutA

advapi32

RegQueryInfoKeyW
CryptSetProviderA
CryptHashSessionKey
CryptSignHashW
RegCreateKeyA
CryptCreateHash
RegQueryValueA
AbortSystemShutdownW
RegQueryValueExA

kernel32

GetStringTypeW
InitializeCriticalSection
UnhandledExceptionFilter
QueryPerformanceCounter
DebugActiveProcess
RtlUnwind
GetPrivateProfileSectionW
VirtualAlloc
LocalCompact
lstrlenW
SetEndOfFile
ReadConsoleOutputAttribute
GetProcAddress
GetEnvironmentStringsA
FreeEnvironmentStringsW
GetProfileStringW
GlobalDeleteAtom
HeapReAlloc
SetCurrentDirectoryA
FreeEnvironmentStringsA
TransactNamedPipe
GetOEMCP
VirtualUnlock
GetCommandLineA
SetLastError
InterlockedExchange
GetCurrentThread
HeapAlloc
LocalFree
HeapCreate
GetCurrentThreadId
GetACP
GetFileType
HeapDestroy
DeleteCriticalSection
TlsFree
TerminateProcess
TlsSetValue
FoldStringA
WritePrivateProfileStringA
GetEnvironmentStringsW
TlsGetValue
ExitThread
MultiByteToWideChar
SetWaitableTimer
HeapFree
EnterCriticalSection
GetSystemTimeAsFileTime
LoadLibraryA
WideCharToMultiByte
GetStartupInfoA
LCMapStringA
WaitForMultipleObjects
lstrlenA
GetStringTypeA
GetStdHandle
GetVersion
GetCurrentProcessId
GetModuleHandleA
GetTickCount
LCMapStringW
TlsAlloc
GetCurrentProcess
WriteFile
SetThreadAffinityMask
GetUserDefaultLangID
VirtualQuery
GlobalGetAtomNameW
LeaveCriticalSection
GetCPInfo
GetLastError
ExitProcess
GetEnvironmentStrings
VirtualFree
IsBadWritePtr
SetHandleCount
GetModuleFileNameA

user32

SetWindowRgn
ValidateRgn
MapWindowPoints
GetWindowRgn
SetRectEmpty
SetDlgItemInt
RemovePropA
UnloadKeyboardLayout
DdeUnaccessData
DdeQueryStringA
IsDlgButtonChecked
InflateRect
TranslateMessage
DefDlgProcA
SetMenuContextHelpId
SetFocus
BringWindowToTop
GetSystemMetrics
GetComboBoxInfo
SetWinEventHook
DdeClientTransaction
GetKeyNameTextA

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f28fd167830cd1dd9461e64f7f46b865

Headers

File Characteristics

Imports

wininet

comdlg32

gdi32

advapi32

kernel32

user32

Sections

.text Size: 98KB - Virtual size: 98KB

.data Size: 302KB - Virtual size: 301KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 98KB - Virtual size: 98KB

.data
Size: 302KB - Virtual size: 301KB

.rsrc
Size: 7KB - Virtual size: 6KB