01f1977c174c18c0bd9e66e0fe1ff30e

Sharing

Copy URL

Twitter E-mail

General

Target

01f1977c174c18c0bd9e66e0fe1ff30e
Size

199KB
MD5

01f1977c174c18c0bd9e66e0fe1ff30e
SHA1

d2d07b942255343944c8616fd00cbde4c5d8a205
SHA256

1d00016cfd4814dc843ed7195ea03cfbf619608493f72a8a128713f11debc202
SHA512

819948165b7885140e11af03b55922a6b1f9ca78d44e100d659fadec9eedc456534e9a3b2d488a1ae35376cf31c3aaabff7f90adf07cd458089200734ae9f751
SSDEEP

6144:8ZmwgF+Ylq4Ve8zyAtcYBuz+KSAOha2Twz:+mD+Ylq4Vewtzuz+rUz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01f1977c174c18c0bd9e66e0fe1ff30e

Files

01f1977c174c18c0bd9e66e0fe1ff30e
.exe windows:6 windows x86 arch:x86

e41349b20004c839918b10ac32de213c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDrives
MultiByteToWideChar
WideCharToMultiByte
CreateMutexA
OpenMutexA
GetQueuedCompletionStatus
WaitForSingleObject
PostQueuedCompletionStatus
GetSystemInfo
CreateThread
CreateIoCompletionPort
HeapSize
ReadConsoleW
SetStdHandle
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
SetFilePointerEx
CloseHandle
GetLastError
CreateFileW
SetEndOfFile
GetProcessHeap
WriteFile
GetFileSizeEx
ReadFile
Sleep
GetModuleHandleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetProcAddress
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteConsoleW

user32

LoadStringW

advapi32

CryptImportKey
CryptDecrypt
CryptEncrypt
CryptAcquireContextW
CryptDestroyKey
CryptReleaseContext

crypt32

CryptStringToBinaryA

mpr

WNetGetConnectionW

iphlpapi

IcmpCloseHandle
GetAdaptersInfo
IcmpCreateFile
IcmpSendEcho

netapi32

NetShareEnum
NetDfsEnum
NetApiBufferFree

ws2_32

WSAStartup
inet_addr
htons
getnameinfo
WSACleanup

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e41349b20004c839918b10ac32de213c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

crypt32

mpr

iphlpapi

netapi32

ws2_32

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 8KB