1f0bfcb4e456abcbc2e8c2b26c768a71

Sharing

Copy URL Twitter E-mail

General

Target

1f0bfcb4e456abcbc2e8c2b26c768a71
Size

831KB
MD5

1f0bfcb4e456abcbc2e8c2b26c768a71
SHA1

154b3f844a7edd2e0858b63cd95188d5e086ad57
SHA256

42fcbf2dee791b38d887cb86c5e76889844e6ccb3e1752b57c9ac96f6ba155d3
SHA512

4b912cfb8a26c17e1fefda45f0dd5eed008691090409e3eeeeb6f99ae757ae02d2ac5156581342c1bed7a4792d96066b31bc228d21e8b0b9f8315cbc2f706d8b
SSDEEP

12288:a5hUsh+wpxJnBYnPgNek7DNjn7NgFUZOEeqXMRxnpRnwwu7pTOoBcovh91nwp:a4sUwpLenKLtjZg8ePl+3BcoH1wp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f0bfcb4e456abcbc2e8c2b26c768a71

Files

1f0bfcb4e456abcbc2e8c2b26c768a71
.exe windows:5 windows x86 arch:x86

07cab2d4433c2a1950c454f41e3b5b3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

DdEntry12
GdiResetDCEMF
OffsetRgn
GdiEntry4
GetTextMetricsW
DdEntry53
EngCopyBits
GetTextFaceW
DescribePixelFormat
XLATEOBJ_iXlate
GdiConvertRegion
ClearBitmapAttributes
FontIsLinked
SetBkMode
ExtCreateRegion
PolyTextOutW
SetRectRgn
GdiInitSpool
XLATEOBJ_piVector
GetCurrentPositionEx
FixBrushOrgEx
DdEntry26
GdiGetLocalBrush
GdiGetPageCount
DeleteObject
RemoveFontResourceW
SetViewportOrgEx
PlgBlt
StartFormPage
GetCharABCWidthsA

msdart

?ReadLock@CSpinLock@@QAEXXZ
?sm_dblDfltSpinAdjFctr@CSmallSpinLock@@1NA
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
??0CSingleList@@QAE@XZ
??1CSingleList@@QAE@XZ
??4CLockedDoubleList@@QAEAAV0@ABV0@@Z
?ConvertExclusiveToShared@CReaderWriterLock2@@QAEXXZ
?IsWriteLocked@CReaderWriterLock2@@QBE_NXZ
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
?WriteLock@CLKRLinearHashTable@@QAEXXZ
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGNXZ
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?TryWriteLock@CFakeLock@@QAE_NXZ
?IsReadUnlocked@CCritSec@@QBE_NXZ
?IsUsable@CLKRHashTable@@QBE_NXZ
?InitializeVersionInfo@CMdVersionInfo@@CAHXZ
?WriteUnlock@CLKRLinearHashTable@@QBEXXZ
?_CmpExch@CReaderWriterLock3@@AAE_NJJ@Z
MpHeapFree
?ConvertSharedToExclusive@CCritSec@@QAEXXZ
?_CalcKeyHash@CLKRLinearHashTable@@ABEKK@Z
??0CReaderWriterLock3@@QAE@XZ
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA

kernel32

ConvertThreadToFiber
CreateWaitableTimerA
LoadLibraryW
SetLastError
BuildCommDCBW
GetCurrentDirectoryW
HeapCreate
CreateProcessInternalW
SetProcessWorkingSetSize
GetProcAddress
NlsGetCacheUpdateCount
BackupWrite

inetcomm

MimeOleEncodeHeader
MimeOleFileTimeToInetDate
MimeOleGenerateCID
MimeOleCreateByteStream
MimeOleSMimeCapsFromDlg
MimeEditGetBackgroundImageUrl
HrGetLastOpenFileDirectory
MimeOleGetCodePageCharset
HrFreeAttachData
MimeOleGetPropW
CreateSMTPTransport

odbccr32

SQLFetchScroll
SQLGetInfo
SQLSetConnectAttr
SQLGetData
SQLParamOptions
SQLSetScrollOptions
SQLFetch
SQLCancel
SQLTransact
SQLBindCol
SQLSetStmtOption
SQLMoreResults
SQLPrepare
SQLSetPos
SQLCloseCursor
SQLFreeHandle
SQLExecDirect
SQLSetDescRec
SQLNativeSql
SQLGetStmtOption
SQLRowCount
SQLParamData
SQLBindParameter
SQLSetDescField
SQLGetDescRec
ReleaseCLStmtResources
SQLEndTran
SQLExtendedFetch

pdh

PdhCollectQueryData
PdhTranslate009CounterA
PdhCollectQueryDataEx
PdhSetLogSetRunID
PdhVbIsGoodStatus
PdhVbOpenQuery
PdhGetDefaultPerfCounterA
PdhParseInstanceNameW

ntdll

RtlFreeThreadActivationContextStack
iswalpha
RtlImageNtHeader
RtlWalkHeap
ZwAdjustPrivilegesToken
ZwTraceEvent
_wcsnicmp
NtInitiatePowerAction
RtlUpcaseUnicodeStringToAnsiString
ZwQueryMultipleValueKey
ZwRaiseException
RtlDestroyEnvironment
NtCreateKey
strpbrk
RtlAbsoluteToSelfRelativeSD
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlUnicodeToCustomCPN

keymgr

DllMain
PRShowRestoreWizardW
PRShowSaveWizardExW
PRShowRestoreWizardExW
KRShowKeyMgr
PRShowSaveFromMsginaW
CPlApplet
PRShowRestoreFromMsginaW

Sections

.text
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07cab2d4433c2a1950c454f41e3b5b3f

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

msdart

kernel32

inetcomm

odbccr32

pdh

ntdll

keymgr

Sections

.text Size: 349KB - Virtual size: 348KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 181KB - Virtual size: 1.6MB

.rsrc Size: 207KB - Virtual size: 207KB

.reloc Size: 1024B - Virtual size: 860B

.text
Size: 349KB - Virtual size: 348KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 181KB - Virtual size: 1.6MB

.rsrc
Size: 207KB - Virtual size: 207KB

.reloc
Size: 1024B - Virtual size: 860B