1d9811e856c7167c6a2443471077418d

Sharing

Copy URL

Twitter E-mail

General

Target

1d9811e856c7167c6a2443471077418d
Size

293KB
MD5

1d9811e856c7167c6a2443471077418d
SHA1

88bcb6382fb42866dbc58322a9a38f695a6285c2
SHA256

48a0e8ae68442b5a86c314fc1d5c1e5bbc0c3df7b59420645d89345bf80698c2
SHA512

1f79e7ef238bdf9d8d6078a3101bf7f279a8bf1f57b1b6bc90a49d1be1c0e2b68480ca545d7882f1986b7a87a1954d0ec763915b594e91cccce2d6e534767e8a
SSDEEP

6144:YNwYOYeJpZ15X/wVaTM86j0XaFGLcNYvE26SMM6glM9cOeWbOmEx:0OYeJ/cETYj0XasINjhKMnJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d9811e856c7167c6a2443471077418d

Files

1d9811e856c7167c6a2443471077418d
.exe windows:4 windows x86 arch:x86

8841a306ef53b5d87d6da058a9cab09c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
HeapFree
SetThreadLocale
GetSystemTimeAsFileTime
LockResource
GetACP
GetThreadLocale
FormatMessageW
HeapDestroy
lstrlenW
FindResourceExW
RaiseException
GetProcessHeap
SetUnhandledExceptionFilter
HeapSize
IsDebuggerPresent
HeapReAlloc
DeleteCriticalSection
FindResourceW
EnterCriticalSection
CloseHandle
LoadResource
SizeofResource
GetCurrentThreadId
LeaveCriticalSection
HeapAlloc
HeapCreate
VirtualAllocEx

ole32

CoImpersonateClient
CoCreateInstance
CoRevertToSelf

oleaut32

SafeArrayGetVartype
SafeArrayRedim
VarBstrCat
VariantCopy
SafeArrayCreate
SysAllocStringLen
SafeArrayUnlock
SafeArrayDestroy
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SafeArrayGetLBound
VariantInit
VariantCopyInd
SysStringLen
LoadRegTypeLi
SafeArrayLock
SafeArrayGetUBound
LoadTypeLi
SafeArrayCopy
VariantClear
SysAllocString
VarBstrCmp

advapi32

LookupAccountSidW
CopySid
GetLengthSid
GetTokenInformation
EqualSid
ConvertStringSidToSidW
OpenProcessToken
IsValidSid
OpenThreadToken

user32

UnregisterClassA
wsprintfW

userenv

UnloadUserProfile

rtm

RtmCloseEnumerationHandle
RtmEnumerateGetNextRoute
CheckTable
MgmDeInitialize
RtmInsertInRouteList
RtmReleaseEntities
MgmDeRegisterMProtocol
RtmAddRouteToDest
RtmRegisterClient
RtmLockRoute
RtmDeleteRouteToDest
RtmDeleteNextHop

fontext

DllCanUnloadNow

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 261KB - Virtual size: 650KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8841a306ef53b5d87d6da058a9cab09c

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

advapi32

user32

userenv

rtm

fontext

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 261KB - Virtual size: 650KB

.rsrc Size: 4KB - Virtual size: 10KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 261KB - Virtual size: 650KB

.rsrc
Size: 4KB - Virtual size: 10KB