1ef620cbc8dd37998129e472fab62cc5

Sharing

Copy URL Twitter E-mail

General

Target

1ef620cbc8dd37998129e472fab62cc5
Size

831KB
MD5

1ef620cbc8dd37998129e472fab62cc5
SHA1

f60eddab8201599cf6d6927c8facc741d8aa99ee
SHA256

21b194453d9a32dacb8fa4cad4cdf7886a81ef89f0525e4b16cf99b01285b19b
SHA512

36b528856b3d9ae8ba4891d2bb827ca02d9c9ced0a453c7b78cc0a9c4844e64959495c3e6e9ca789bb1694844479eb055bec77e258bbf1ea2b6ce22f18fbeac5
SSDEEP

12288:MXyYzJMhoOtTaSgvRCVO0zYtjK2bQE413CmXVZREI5nif0mGniiPgBMrLG:MCojO1gsJ2/41tjEIEfpGiiPgBKLG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ef620cbc8dd37998129e472fab62cc5

Files

1ef620cbc8dd37998129e472fab62cc5
.exe windows:5 windows x86 arch:x86

5bceea429298937db96a0281ad24e248

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StringFromGUID2
CoLoadLibrary
HMENU_UserFree
CoGetMarshalSizeMax
CoRegisterMessageFilter
StgConvertPropertyToVariant
WriteFmtUserTypeStg
OleFlushClipboard
UpdateDCOMSettings
CLIPFORMAT_UserSize
CoSuspendClassObjects
WriteStringStream
OleCreateEx
HMENU_UserSize
CoAddRefServerProcess
CreatePointerMoniker
BindMoniker
OleConvertOLESTREAMToIStorage
IsValidPtrIn
CoQueryProxyBlanket
CoDeactivateObject
HMETAFILE_UserMarshal
CLIPFORMAT_UserUnmarshal
CoGetComCatalog
OleCreateDefaultHandler
CoTreatAsClass
HBRUSH_UserSize
CoIsHandlerConnected

kernel32

ProcessIdToSessionId
SearchPathA
WriteConsoleInputVDMW
LoadLibraryA
GetEnvironmentStrings
GetCPInfoExW
GetProfileIntA
CompareStringW
FatalExit
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleAliasExesLengthA
_lopen
SetHandleInformation
RegisterConsoleVDM
GetHandleInformation
EnumDateFormatsExA
InterlockedIncrement
CreateMemoryResourceNotification
LocalAlloc
IsWow64Process
GetModuleHandleA
BuildCommDCBAndTimeoutsW
GetStringTypeExW
VirtualAlloc
QueueUserWorkItem
HeapAlloc
RemoveDirectoryW
GetDriveTypeA
SetEnvironmentVariableW

apphelp

ApphelpFixMsiPackageExe
ApphelpUpdateCacheEntry
SdbCloseDatabase
ApphelpFreeFileAttributes
SdbGetTagDataSize
SdbReadBYTETag
SdbGetDatabaseVersion
ApphelpCheckIME
ApphelpCheckMsiPackage
SdbUnregisterDatabase
SdbQueryDataEx
ApphelpGetFileAttributes
SdbGrabMatchingInfoEx
SdbReadWORDTagRef
ApphelpCheckInstallShieldPackage
SdbQueryData
ApphelpCheckExe
SdbReadDWORDTag
SdbTagIDToTagRef
SdbReadStringTagRef
ApphelpShowDialog
SdbOpenApphelpInformation
SdbFindFirstMsiPackage_Str
SdbGetDatabaseID
SdbGetMsiPackageInformation
SdbReadMsiTransformInfo
SdbTagRefToTagID
SdbRegisterDatabase
ApphelpCheckShellObject
ShimDumpCache
SdbGetEntryFlags
SdbResolveDatabase

ntdll

_aullrem
RtlGetFullPathName_U
ZwQueryMutant
ZwSecureConnectPort
NtAdjustGroupsToken
ZwCreateThread
CsrGetProcessId
RtlAddAtomToAtomTable
NtAddAtom
RtlLargeIntegerToChar
NtStartProfile
ZwCreateMailslotFile
RtlDoesFileExists_U
RtlAddAuditAccessObjectAce
ZwCreatePagingFile
LdrFindEntryForAddress
RtlQueryProcessDebugInformation
RtlGetElementGenericTable
_strlwr
NtFlushVirtualMemory
ZwSetDefaultUILanguage
NtQueryEaFile
RtlApplicationVerifierStop
RtlAssert
RtlStartRXact
sqrt
ZwSetIoCompletion
RtlEraseUnicodeString
RtlAnsiCharToUnicodeChar
NtQueryDefaultUILanguage
NtSetHighWaitLowEventPair
NtPlugPlayControl
RtlGetLengthWithoutTrailingPathSeperators
NtDuplicateObject
ZwOpenIoCompletion
NtTerminateJobObject
__iscsymf
RtlCreateAcl
ZwQueryKey
NtCreatePagingFile
DbgUiStopDebugging
ZwQueryQuotaInformationFile
NtDebugContinue
ZwSaveKeyEx
RtlUnwind
NtSaveKeyEx
RtlZeroHeap
ZwSetValueKey
LdrShutdownProcess
ZwSetVolumeInformationFile
NtMakeTemporaryObject
RtlUnicodeToMultiByteSize
NtOpenIoCompletion
NtYieldExecution
RtlEnumerateGenericTableWithoutSplayingAvl
RtlSetUserValueHeap
DbgUiRemoteBreakin
RtlMapSecurityErrorToNtStatus
NtSetInformationThread
ZwProtectVirtualMemory
ZwOpenKey

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bceea429298937db96a0281ad24e248

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

apphelp

ntdll

Sections

.text Size: 356KB - Virtual size: 355KB

.rdata Size: 106KB - Virtual size: 106KB

.data Size: 164KB - Virtual size: 1.6MB

.rsrc Size: 202KB - Virtual size: 201KB

.reloc Size: 1024B - Virtual size: 1016B

.text
Size: 356KB - Virtual size: 355KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 164KB - Virtual size: 1.6MB

.rsrc
Size: 202KB - Virtual size: 201KB

.reloc
Size: 1024B - Virtual size: 1016B