1ecd0c0fd5231f89a94995e8f36186b5

Sharing

Copy URL

Twitter E-mail

General

Target

1ecd0c0fd5231f89a94995e8f36186b5
Size

86KB
MD5

1ecd0c0fd5231f89a94995e8f36186b5
SHA1

7c888868c0b95937ea0e87a000aeb41ac12036fb
SHA256

7de46eff3c688e8a7cbd7a2c8c81149a856b802b09940fe9ff561ec578677dd8
SHA512

b601e8621bb7abfffd32b998ab5a96f42fc6f08b82a9f2a7775123981c28f8b9281315e70f313f90797b02bbbc82f9e9eaafca6d806ccc0f4fc7c0402495b6ec
SSDEEP

1536:c0PgVhodfFfAGP5MH0kv/TVDQhKODlCWZgp5cl:c0PgOfFI8Gb3A7yp5cl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ecd0c0fd5231f89a94995e8f36186b5

Files

1ecd0c0fd5231f89a94995e8f36186b5
.exe windows:5 windows x86 arch:x86

173800344e214837c10cb5c803066296

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
gethostbyname
WSACleanup
inet_ntoa
connect
socket
sendto
ioctlsocket
inet_addr
closesocket
recv
select
send
htons

shell32

ShellExecuteA

user32

FindWindowA
CloseClipboard
SetClipboardData
EmptyClipboard
keybd_event
SetForegroundWindow
SetFocus
ShowWindow
VkKeyScanA
OpenClipboard
wsprintfA

kernel32

FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
HeapSize
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
GetCurrentProcessId
Sleep
CreateThread
CloseHandle
CreateProcessA
ExpandEnvironmentStringsA
GetModuleFileNameA
GetModuleHandleA
GetLastError
CreateMutexA
SetErrorMode
TerminateProcess
OpenProcess
CopyFileA
SetFileAttributesA
GetFileAttributesA
lstrcmpiA
GetTempPathA
WriteFile
CreateFileA
GetLocaleInfoA
GetTickCount
ExitThread
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
CreateDirectoryA
lstrcatA
GetDriveTypeA
GetLogicalDriveStringsA
HeapCreate
GetProcessHeap
RaiseException
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ResumeThread
GetModuleHandleW
GetProcAddress
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapFree
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
VariantInit
VariantClear

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

shlwapi

PathRemoveFileSpecA

urlmon

URLDownloadToFileA

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

173800344e214837c10cb5c803066296

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shell32

user32

kernel32

advapi32

ole32

oleaut32

psapi

shlwapi

urlmon

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 436B