1c572c2e4cb5878e55ecce6ff414a4c9

Sharing

Copy URL Twitter E-mail

General

Target

1c572c2e4cb5878e55ecce6ff414a4c9
Size

294KB
MD5

1c572c2e4cb5878e55ecce6ff414a4c9
SHA1

c0c2ac3b11a0b3dea95de05fcf1dcd7af189bed1
SHA256

33fe60c1bfeba2b90b3d8d7a7b1de241bb7fc448695fc37872199a520ccfe293
SHA512

d77a30168ca90756a634e1bd987b03fc7e556639ce16331b53e69628c10371584309f0f3f5efc3e0ce82af9ca794eb7b6d6bd7e3cf87a81900c37ead1e710b2c
SSDEEP

6144:ipQCd1au9KZBXD7Bp3A4JwQzVKINYtYpeRrBaS8dt:ipQyau9KbfBpw3QzVKINI/r8S8d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c572c2e4cb5878e55ecce6ff414a4c9

Files

1c572c2e4cb5878e55ecce6ff414a4c9
.exe windows:4 windows x86 arch:x86

e814f6caefb67615e11a1e3d0d9ba5b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PeekMessageW
TranslateMessage
FindWindowExW
GetClassNameW
GetWindowThreadProcessId
DispatchMessageW
MsgWaitForMultipleObjectsEx
GetWindowLongW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoCreateGuid
OleRun

psapi

GetModuleFileNameExW
EnumProcessModules

shlwapi

PathRemoveFileSpecW
StrCmpW
StrStrIA
PathFileExistsW
SHDeleteEmptyKeyW

kernel32

SetThreadPriority
UnhandledExceptionFilter
ExpandEnvironmentStringsW
SizeofResource
OpenProcess
LockResource
WideCharToMultiByte
FormatMessageW
LoadLibraryExW
OpenFileMappingW
GetSystemTimeAsFileTime
HeapFree
GetTempFileNameW
ResumeThread
TerminateThread
IsDebuggerPresent
DeleteFileW
CloseHandle
WaitForMultipleObjects
ReleaseMutex
GetTempPathW
GlobalFree
SetLastError
LoadResource
WaitForSingleObject
CreateFileMappingW
CreateThread
RaiseException
GlobalAlloc
FindResourceW
GetCurrentThreadId
EnterCriticalSection
HeapDestroy
HeapReAlloc
lstrlenA
GlobalLock
GlobalUnlock
GetModuleHandleW
FindClose
FindNextFileW
CreateEventW
SetFilePointer
LeaveCriticalSection
FindFirstFileW
HeapAlloc
GetFileSize
MapViewOfFile
SetUnhandledExceptionFilter
CreateFileW
GetSystemInfo
GetProcessHeap
QueryPerformanceFrequency
UnmapViewOfFile
lstrcpyW
OpenMutexW
VirtualQuery
FreeLibrary
OpenEventW
FindResourceExW
CreateMutexW
OutputDebugStringW
DeleteCriticalSection
HeapSize
ResetEvent
WriteFile
lstrlenW
GetLocalTime
LocalAlloc
CreateDirectoryW
LocalFree
InitializeCriticalSectionAndSpinCount
CompareFileTime
VirtualAlloc

oleaut32

SysStringLen
VarUdateFromDate
SysFreeString
SysStringByteLen
VarCmp
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocString

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

advapi32

RegOpenKeyExW
FreeSid
SetNamedSecurityInfoW
RegOpenKeyW
RegQueryInfoKeyW
RegSetValueExW
InitializeSecurityDescriptor
RegEnumKeyW
GetSidSubAuthority
GetSidSubAuthorityCount
GetLengthSid
RegCloseKey
SetSecurityDescriptorSacl
CryptReleaseContext
InitializeAcl
GetNamedSecurityInfoW
GetAce
RegDeleteValueW
RegCreateKeyExW
SetEntriesInAclW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountNameW
ConvertSidToStringSidW
RegEnumKeyExW
RegEnumValueW
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetUserNameW
CryptAcquireContextW
GetSidIdentifierAuthority
CryptGenRandom
RegDeleteKeyW
RegQueryValueExW
GetAclInformation
AddAce
AllocateAndInitializeSid
AddAccessAllowedAce

mapi32

ord75
ord17
ord185
ord135
ord11
ord45
ord140

esent

JetOpenTable
JetFreeBuffer
JetOpenDatabase
JetGetObjectInfo
JetCreateIndex
JetBeginSession
JetGetTableIndexInfo
JetCloseDatabase
JetTerm
JetAttachDatabase
JetSetIndexRange
JetSetCurrentIndex
JetCommitTransaction
JetMove
JetSeek
JetGetInstanceInfo
JetSetSystemParameter
JetBeginTransaction
JetEndSession
JetCreateInstance
JetMakeKey
JetInit
JetGetTableColumnInfo
JetRetrieveColumn
JetDetachDatabase
JetCloseTable

comctl32

CreateStatusWindow
ImageList_GetImageCount
CreateUpDownControl
ImageList_EndDrag
ImageList_DragMove
ImageList_Destroy
CreateStatusWindowW
ImageList_GetImageRect

loadperf

RestorePerfRegistryFromFileW

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e814f6caefb67615e11a1e3d0d9ba5b0

Headers

File Characteristics

Imports

user32

shell32

ole32

psapi

shlwapi

kernel32

oleaut32

version

advapi32

mapi32

esent

comctl32

loadperf

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 256KB - Virtual size: 274KB

.rsrc Size: 15KB - Virtual size: 118KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 256KB - Virtual size: 274KB

.rsrc
Size: 15KB - Virtual size: 118KB