1d6be9e5b3379b846a1d567f97036943

Sharing

Copy URL

Twitter E-mail

General

Target

1d6be9e5b3379b846a1d567f97036943
Size

440KB
MD5

1d6be9e5b3379b846a1d567f97036943
SHA1

8c83102cecf749830be45f06683e99a51571aad9
SHA256

3b16ee4bc36808fbebbd5e19a74aef15c1af6cd84932500a6d532e647bb0445c
SHA512

22916227f73470656021fe8b1e28e68aa3736b02e02426159b434fcdc712dc233045ff83b0842b2d9f74a4e20100f90fa6add5e16f1a2a0f2867e22a0d4b42fb
SSDEEP

12288:a1M3B6IKD2rlC2+g3L9y0zaqLxIzE6H7DqxQm2q7:a1M3AIKD2rlCBSLE0za8xIzEC7DqAq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d6be9e5b3379b846a1d567f97036943

Files

1d6be9e5b3379b846a1d567f97036943
.exe windows:6 windows x86 arch:x86

3af701fcb8252873134d4d333adbd485

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateFileW
FindClose
FindNextFileW
CloseHandle
lstrlenA
GetTickCount
Sleep
GetProcAddress
LoadLibraryA
GetModuleFileNameA
OutputDebugStringA
GetFullPathNameW
GetFullPathNameA
CreateFileA
CreateMutexW
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
SystemTimeToFileTime
QueryPerformanceCounter
WaitForSingleObject
UnlockFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
UnlockFileEx
FindFirstFileW
FormatMessageA
WriteFile
InitializeCriticalSection
LoadLibraryW
FormatMessageW
GetFileAttributesA
LeaveCriticalSection
HeapCreate
HeapValidate
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
GetCurrentThreadId
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
IsProcessorFeaturePresent
EncodePointer
IsDebuggerPresent
GetFileSize
GetPrivateProfileStringW
GetEnvironmentVariableW
LocalFree
GetShortPathNameW
DeleteCriticalSection
DecodePointer
CopyFileA
HeapSize
GetLastError
InitializeCriticalSectionEx
GetFileAttributesW
HeapDestroy
WideCharToMultiByte
GetProcessHeap
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
HeapReAlloc

user32

wsprintfA
MessageBoxA

advapi32

RegCloseKey
RegOpenKeyA
UnlockServiceDatabase
OpenSCManagerA
SetServiceStatus
RegOpenKeyExA
StartServiceA
LockServiceDatabase
CreateServiceA
RegQueryValueExA
RegisterServiceCtrlHandlerA
RegSetValueExA
ChangeServiceConfig2A
StartServiceCtrlDispatcherA
CloseServiceHandle
OpenServiceA

shell32

SHGetSpecialFolderPathW
SHGetFolderPathA

crypt32

CryptUnprotectData

msvcp120

??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?id@?$collate@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_BADOFF@std@@3_JB
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
_Strcoll
??_7facet@locale@std@@6B@
_Strxfrm
??_7_Facet_base@std@@6B@
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ

wininet

InternetOpenA
InternetSetOptionA
HttpSendRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetConnectA
InternetReadFile
InternetCloseHandle
InternetCrackUrlA

msvcr120

rand
memcpy
memcmp
__CxxFrameHandler3
_CxxThrowException
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_except_handler4_common
_commode
_fmode
__initenv
_initterm
??3@YAXPAX@Z
_stricmp
sprintf
sprintf_s
memmove
_snprintf_s
free
malloc
memchr
_snwprintf_s
_purecall
_strdup
_vsnwprintf_s
??2@YAPAXI@Z
printf
strstr
strchr
fputc
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
strncmp
_unlock_file
ungetc
fgetpos
_fseeki64
fflush
fgetc
fsetpos
strtok
setvbuf
_lock_file
_except1
srand
strftime
memcpy_s
fwrite
realloc
_localtime64
fclose
_time64
_localtime64_s
_msize
_endthreadex
_beginthreadex
memset
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3af701fcb8252873134d4d333adbd485

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

crypt32

msvcp120

wininet

msvcr120

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 11KB - Virtual size: 10KB