1bac904a1d4f66753057ffcd9a031ae9

Sharing

Copy URL

Twitter E-mail

General

Target

1bac904a1d4f66753057ffcd9a031ae9
Size

251KB
MD5

1bac904a1d4f66753057ffcd9a031ae9
SHA1

00492c0b12cf0191d797ac87597c32aa4905d27e
SHA256

33b1eb87cedbc6b3af033c2db022b702a7531f9c390106114cb697511e6dd22e
SHA512

f557ee61d5074d03765f556d65be4f319348251a51eb394c78128a79c3c52fa9ef63b29572ff6335736f6358cb15d79c0bbfdeb1a5b3e63210d412394a49874c
SSDEEP

6144:k+ASSLIsklbzQ/P1aPDJNsR1LBLsj/9gzb7rRLc0e8fQIDiN:klBWY9qGL9+1ghLBqgiN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bac904a1d4f66753057ffcd9a031ae9

Files

1bac904a1d4f66753057ffcd9a031ae9
.exe windows:4 windows x86 arch:x86

4685100073a119b8ac3678f38a1a30a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

GetJobA
DeletePrinterConnectionA
GetPrinterA
OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

DeleteService
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AllocateAndInitializeSid
FreeSid
OpenProcessToken
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyExA
QueryServiceStatus
OpenThreadToken
OpenServiceA
OpenSCManagerA
LookupPrivilegeValueA
GetTokenInformation
SetServiceStatus
SetSecurityDescriptorDacl
SetEntriesInAclA
RegisterServiceCtrlHandlerA
RegSetValueExA
RegEnumKeyA
InitializeSecurityDescriptor
StartServiceCtrlDispatcherA

kernel32

ReadFile
HeapFree
SetEndOfFile
GetSystemTimeAsFileTime
GetCommandLineA
SetSystemPowerState
FormatMessageA
GetCPInfo
QueryPerformanceCounter
CreateFileA
GetVolumeInformationA
GetSystemTime
OpenProcess
GetVersionExA
GetModuleHandleA
GetDateFormatA
SizeofResource
DeviceIoControl
WaitForSingleObject
Sleep
GetTickCount
FreeLibrary
LoadLibraryA
GetProcAddress
GetProfileStringW
VirtualProtect
LoadLibraryExA
GetSystemInfo
ExpandEnvironmentStringsA
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
GetStartupInfoA
TlsAlloc
SetLastError
GetCurrentThreadId
GetLastError
TlsFree
TlsSetValue
TlsGetValue
CloseHandle
EnterCriticalSection
LeaveCriticalSection
WriteFile
SetFilePointer
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetLocaleInfoA
RtlUnwind
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
InterlockedExchange
VirtualQuery
InitializeCriticalSection
HeapSize
GetCurrentProcessId
LCMapStringA
LCMapStringW

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4685100073a119b8ac3678f38a1a30a4

Headers

File Characteristics

Imports

winspool.drv

advapi32

kernel32

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 87KB - Virtual size: 484KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 87KB - Virtual size: 484KB

.reloc
Size: 9KB - Virtual size: 8KB