1f450ef2d800b06009fd13ae2d6b4946

Sharing

Copy URL

Twitter E-mail

General

Target

1f450ef2d800b06009fd13ae2d6b4946
Size

326KB
MD5

1f450ef2d800b06009fd13ae2d6b4946
SHA1

d631cb28e3cb34b9913d8eef6133d96576afd75d
SHA256

bd2f791b30572571fef8f7aaf18c0b67c1e0e0d6f98088194210c44a4c1cfdfc
SHA512

711731fda4aca6edfd5f5537d3ad0adf2151e781566af00fd530232836816691f7e68cff44dcb1dfdc9105b4a902408df7daa69442828ded73187e633668ba8d
SSDEEP

6144:lyD+GvtFzoxGtUv23ozjncYBFcmgWx6nHjWW6E5xjfo6tiuY9Xcrr43vsC:lyyGVFzEhv2A7JPzgWxzWc9u2P/7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f450ef2d800b06009fd13ae2d6b4946

Files

1f450ef2d800b06009fd13ae2d6b4946
.exe windows:5 windows x86 arch:x86

6555595062873d0842ff0c1be73f2bf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
GlobalFree
lstrcmpiW
GetModuleHandleW
IsBadHugeReadPtr
GlobalHandle
LocalHandle
GlobalMemoryStatusEx
LocalLock
HeapAlloc
GetFileAttributesW
QueryPerformanceFrequency
GetDiskFreeSpaceW
GetProcessHeap
MulDiv
GetCurrentThread
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
FreeLibrary
WaitForSingleObject
IsBadCodePtr
IsBadReadPtr
LoadLibraryW
GetModuleFileNameW
GetProcAddress
DeleteFileW
GlobalReAlloc
SetEvent
WriteFile
DisableThreadLibraryCalls
GlobalAlloc
GetOverlappedResult
IsBadWritePtr
GetVersionExW
LocalUnlock
IsBadStringPtrW
CreateFileW
SleepEx
HeapFree
GetFullPathNameW
CreateEventW
MultiByteToWideChar
Sleep
GlobalLock
lstrcpyA
lstrlenA
GetACP
GetFileSize
CreateThread
CloseHandle
GetSystemInfo
GetPrivateProfileStringW
GetCurrentThreadId
lstrcpynW
GetLastError
VirtualFree
lstrcatW
GetLocalTime
GetThreadPriority
lstrcpyW
lstrcatA
WideCharToMultiByte
SetThreadPriority
InitializeCriticalSection
VirtualAlloc
QueryPerformanceCounter
LocalFree
GlobalUnlock

msvfw32

ICSeqCompressFrame
DrawDibDraw
DrawDibRealize
ICSeqCompressFrameStart
DrawDibClose
DrawDibOpen
ICSeqCompressFrameEnd
DrawDibGetPalette
ICCompressorChoose
ICCompressorFree
DrawDibBegin
ICImageDecompress

secur32

QuerySecurityContextToken

gdi32

CreatePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
DeleteObject
GetStockObject
SelectObject
RealizePalette
GetDeviceCaps
GetDCOrgEx
SetWindowOrgEx
SelectPalette
GetClipBox
PatBlt
GetObjectW

ntdll

memmove
_ftol
NtAllocateVirtualMemory

winmm

mmioFlush
SendDriverMessage
waveInOpen
waveInPrepareHeader
waveInReset
CloseDriver
waveInAddBuffer
mmioWrite
waveInStop
OpenDriver
mmioRead
mmioDescend
waveOutGetNumDevs
mmioSeek
timeGetTime
mmioAscend
waveInUnprepareHeader
mmioClose
mmioOpenW
mmioCreateChunk
mciSendStringW
waveInStart
waveInClose

advapi32

RegOpenKeyA
RegEnumKeyW
RegCreateKeyW
RegQueryValueExA
RegOpenKeyW
RegCloseKey
RegQueryValueExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

BeginPaint
wsprintfA
SetTimer
EmptyClipboard
GetAsyncKeyState
LoadCursorW
SetWindowLongW
GetClassInfoW
GetParent
ClientToScreen
CreateWindowExW
SetCursor
MessageBeep
GetClientRect
GetWindowLongW
DefWindowProcW
SetRect
PostMessageW
CloseClipboard
IsWindow
wvsprintfW
EndPaint
ReleaseDC
RegisterClassW
SendMessageW
MessageBoxW
EqualRect
GetClipboardData
UpdateWindow
LoadStringA
DispatchMessageW
OpenClipboard
GetDC
TranslateMessage
GetMessageW
KillTimer
InvalidateRect
PeekMessageW
LoadStringW
MsgWaitForMultipleObjects
SetClipboardData
wsprintfW

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6555595062873d0842ff0c1be73f2bf4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvfw32

secur32

gdi32

ntdll

winmm

advapi32

version

user32

Sections

.text Size: 137KB - Virtual size: 137KB

.data Size: 6KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 74KB - Virtual size: 73KB

.rsrc Size: 107KB - Virtual size: 106KB

.text
Size: 137KB - Virtual size: 137KB

.data
Size: 6KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 74KB - Virtual size: 73KB

.rsrc
Size: 107KB - Virtual size: 106KB