1c1b64df88e01de0ee22fe97fa60cb31

Sharing

Copy URL

Twitter E-mail

General

Target

1c1b64df88e01de0ee22fe97fa60cb31
Size

70KB
MD5

1c1b64df88e01de0ee22fe97fa60cb31
SHA1

bb222d604c4b79261b395dffb75af8d00c42fac5
SHA256

f7beeebb648bbc8fabc5cf5e63ee74b642b3bd18f117f8eb3d1eaa8d66cf6a64
SHA512

047a1a2194e4164de0b69ca68dda4dd54cf0f0bdc098d9f2d33ca8e032bcd044a84915fe1564e46199efbefe7c6fe30eef75b3a5f578043a8144cc6f0bba5880
SSDEEP

1536:N3PEEftFT32itBOHreju0EaglyOm4ZDADA:N31+0alyABA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c1b64df88e01de0ee22fe97fa60cb31

Files

1c1b64df88e01de0ee22fe97fa60cb31
.exe windows:4 windows x86 arch:x86

234cd051a24190ae132905598c9168e0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
lstrlenA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrcpyA
WinExec
GetWindowsDirectoryA
DeleteFileA
CloseHandle
WriteFile
GetCurrentProcessId
lstrcatA
CreateFileA
ReadFile
GetFileSize
GetModuleFileNameA
CreateProcessA
CopyFileA
ExitProcess
Sleep
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
LoadLibraryA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetCPInfo
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetTickCount
InterlockedExchange
GetOEMCP
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
IsBadWritePtr
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetStartupInfoA
GetCommandLineA
HeapCreate
VirtualFree

user32

DispatchMessageA
wsprintfA
SetTimer
RegisterClassA
CreateWindowExA
DefWindowProcA
GetMessageA
TranslateMessage
FindWindowA
SendMessageA

advapi32

RegOpenKeyA
RegDeleteValueA
RegCloseKey
ControlService
DeleteService
OpenSCManagerA
CreateServiceA
OpenServiceA
StartServiceA
CloseServiceHandle
RegQueryValueExA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ws2_32

gethostbyname
inet_ntoa
WSAStartup

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

234cd051a24190ae132905598c9168e0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

ws2_32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB