1b658feab1c9e0e580024f7c84ea0b13

Sharing

Copy URL

Twitter E-mail

General

Target

1b658feab1c9e0e580024f7c84ea0b13
Size

200KB
MD5

1b658feab1c9e0e580024f7c84ea0b13
SHA1

06599984d5eb47ec97bbd475e3f87136a34b59e0
SHA256

4231dc0530e50a439378ef19e6c8d8d1bf8b9d1869cbca920adc51a61927e860
SHA512

69df2789e56a1abe6c85ce67876fb43d0784f10632abc1b11a92f662e65d4bace1753f80bfe2688b81133cdb1a0d0eaf94e489838db08a93075fbb539c73d8c6
SSDEEP

6144:gl/7lRZep85Wpj1PQSTrPhlNRT2He3jnq:k/7oJpj1/r5W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b658feab1c9e0e580024f7c84ea0b13

Files

1b658feab1c9e0e580024f7c84ea0b13
.exe windows:3 windows x86 arch:x86

917d0739c97cdbaaab12c232b0446bd2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__set_app_type
_controlfp
_initterm
__getmainargs
_acmdln
exit
_cexit
__setusermatherr
_XcptFilter
_exit
_c_exit
wcscpy
_wcsicmp
free
malloc

advapi32

RegOpenKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
AllocateAndInitializeSid
FreeSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
CheckTokenMembership
OpenEventLogW
ReadEventLogA

kernel32

lstrlenW
GetSystemWindowsDirectoryW
LocalFree
LocalAlloc
GetCurrentProcess
GetLastError
GetCurrentThread
CloseHandle
lstrcmpiW
WaitForMultipleObjects
OpenEventW
CreateEventW
SetEvent
CreateMutexW
SetLastError
GetCommandLineW
GetWindowsDirectoryW
lstrcmpW
ExitProcess
GetVersionExW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
lstrcatW
GetNumberFormatW
lstrcpyW
VirtualAlloc

gdi32

CreateFontIndirectW
CreatePenIndirect
SetTextColor
BitBlt
SetBkColor
CreateSolidBrush
CreateCompatibleDC
SetMapMode
TextOutW
GetTextMetricsW
SetBkMode
RealizePalette
SelectPalette
GetObjectW
StretchBlt
CreateBitmap
DeleteDC
CreateRoundRectRgn
SelectObject
Polyline
DeleteObject

user32

FindWindowW
MapVirtualKeyW
GetAsyncKeyState
SetTimer
SendMessageW
EndDialog
LoadStringW
EnableWindow
MessageBoxW
DialogBoxParamW
IsWindow
GetKeyboardLayout
GetWindowThreadProcessId
wsprintfW
CheckDlgButton
GetClientRect
DestroyWindow
InvalidateRect
WinHelpW
GetKeyboardType
SetClassLongW
RegisterClassW
LoadCursorW
CreateWindowExW
GetSystemMetrics
SetWindowPos
SetWindowLongW
GetKeyState
wsprintfA
DrawIconEx
LoadImageW
SetWindowRgn
ToUnicodeEx
LoadIconW
GetWindowLongW
GetSysColor
ReleaseDC
GetDC
MapVirtualKeyExW
CloseDesktop
GetUserObjectInformationW
OpenDesktopW
OpenInputDesktop
PostMessageW
SetThreadDesktop
GetThreadDesktop
EndPaint
BeginPaint
DefWindowProcW
SetProcessWindowStation
OpenWindowStationW
GetProcessWindowStation
CloseWindowStation
MoveWindow
GetDesktopWindow
GetWindowRect
AllowSetForegroundWindow
SetForegroundWindow
GetForegroundWindow
ShowWindow
IsIconic
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
RegisterWindowMessageW
KillTimer
EnableMenuItem
CheckMenuRadioItem
CheckMenuItem
ReleaseCapture
SetCapture
SetCursor
ChildWindowFromPointEx
ScreenToClient
GetCursorPos
PostQuitMessage
SendInput
ActivateKeyboardLayout

comdlg32

ChooseFontW

winmm

PlaySoundW

shell32

ShellExecuteW

ole32

CoUninitialize
CoInitialize

msi

MsiSourceListSetInfoW
MsiCreateTransformSummaryInfoA
MsiViewGetColumnInfo
MsiGetProductCodeFromPackageCodeA
MsiProcessAdvertiseScriptW
MsiQueryComponentStateA
MsiSetInstallLevel
MsiOpenDatabaseW
MsiViewGetErrorA
MsiRecordGetStringA
MsiGetPropertyW
MsiDoActionA
MsiCreateTransformSummaryInfoW
MsiCreateRecord
MsiReinstallFeatureFromDescriptorA
MsiGetFeatureValidStatesW
MsiExtractPatchXMLDataA
MsiViewFetch
MsiDatabaseOpenViewW
MsiSourceListGetInfoA
MsiAdvertiseProductExA
MsiGetProductPropertyA
MsiGetFileSignatureInformationA
MsiEnumPatchesA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yKZxx
Size: 2KB - Virtual size: 45KB

IMAGE_SCN_MEM_READ

.uM
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CBP
Size: 1KB - Virtual size: 35KB

IMAGE_SCN_MEM_READ

.p
Size: 3KB - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

917d0739c97cdbaaab12c232b0446bd2

Headers

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

user32

comdlg32

winmm

shell32

ole32

msi

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 5KB - Virtual size: 5KB

.yKZxx Size: 2KB - Virtual size: 45KB

.uM Size: 3KB - Virtual size: 9KB

.data Size: 12KB - Virtual size: 1.2MB

.CBP Size: 1KB - Virtual size: 35KB

.p Size: 3KB - Virtual size: 22KB

.rsrc Size: 154KB - Virtual size: 154KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 5KB - Virtual size: 5KB

.yKZxx
Size: 2KB - Virtual size: 45KB

.uM
Size: 3KB - Virtual size: 9KB

.data
Size: 12KB - Virtual size: 1.2MB

.CBP
Size: 1KB - Virtual size: 35KB

.p
Size: 3KB - Virtual size: 22KB

.rsrc
Size: 154KB - Virtual size: 154KB