1eb385d09f45c207e552c76431688f2d

Sharing

Copy URL

Twitter E-mail

General

Target

1eb385d09f45c207e552c76431688f2d
Size

576KB
MD5

1eb385d09f45c207e552c76431688f2d
SHA1

df6cb68422abc1afb15ea8502e7d410653a8c30b
SHA256

d00f875900021374167170209a3dc3f3f5fd1a2d168ecd7dea768e37d38575f3
SHA512

5058cbe782b6ad30e57355a38fc1bd87eefebbe564603dc521ffa0fe75614e9524de292d8f22dd950ece8923babf5ab4630de83f10f9570f488e67c2dccb3cec
SSDEEP

12288:3vZZp+jGbOuorSl8ah0ij7I/ZOt7jyj8PDCWMC2wVvvhwMk1:B6j88amijKs7jMmCWMC2wdhwv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1eb385d09f45c207e552c76431688f2d

Files

1eb385d09f45c207e552c76431688f2d
.exe windows:4 windows x86 arch:x86

2353b7d4e985e0b52aca1ccf89553998

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
recv
send
htonl
inet_addr
closesocket
gethostbyname
inet_ntoa
bind
listen
accept
gethostbyaddr
socket
htons
connect
WSACleanup

iphlpapi

GetAdaptersInfo
GetIpAddrTable

kernel32

CreateFileW
CreateFileA
ReadFile
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
GetLocaleInfoA
GetStringTypeW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CopyFileA
Sleep
CreateMutexA
OpenMutexA
DeleteFileA
GetModuleFileNameA
WideCharToMultiByte
GetCommandLineW
SetEvent
CreateEventA
CloseHandle
CreateThread
HeapFree
HeapAlloc
GetProcessHeap
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameW
GetTickCount
WaitForSingleObject
ExitThread
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetLogicalDrives
WinExec
SetEndOfFile
GetFileAttributesA
RaiseException
GetStringTypeA
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
LoadLibraryA
GetOEMCP
InterlockedIncrement
InterlockedDecrement
GetCommandLineA
GetVersionExA
GetStartupInfoA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapValidate
IsBadReadPtr
GetProcAddress
GetModuleHandleA
ExitProcess
GetSystemTimeAsFileTime
GetLastError
GetCurrentThreadId
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
QueryPerformanceCounter
GetCurrentProcessId
FatalAppExitA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
WriteFile
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
HeapReAlloc
VirtualAlloc
GetACP

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

CommandLineToArgvW
ShellExecuteA

ole32

CoCreateInstance
OleInitialize

oleaut32

SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 456KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2353b7d4e985e0b52aca1ccf89553998

Headers

File Characteristics

Imports

ws2_32

iphlpapi

kernel32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 456KB - Virtual size: 455KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 20KB - Virtual size: 26KB

.rsrc Size: 4KB - Virtual size: 248B

.text
Size: 456KB - Virtual size: 455KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 248B