01ec980eefb52c397090c056a9750046

Sharing

Copy URL

Twitter E-mail

General

Target

01ec980eefb52c397090c056a9750046
Size

240KB
MD5

01ec980eefb52c397090c056a9750046
SHA1

a46b271d96183f2ce6cc11f9525ec982ebcd3b1a
SHA256

bdd11d08ab41c7aaaf6398a12a2aaac21b1254a8d6140aa7fc6405e802be8a62
SHA512

bce48d4859b177d24cdcbf9afb308660a8ab1988fc6ae56157bea2d6506e4eadb57b56ae157ca64e5ff7b3cb041f15127a9ac06126916470161175dcc7346143
SSDEEP

6144:gLdRE99cd91iZb3aztAwz3KnIgRqYBldcSKBK7Po:gLdRE99cDAZb3AtAwTKnLRflaSK87

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

01ec980eefb52c397090c056a9750046

resource
01ec980eefb52c397090c056a9750046

Files

01ec980eefb52c397090c056a9750046
.exe windows:5 windows x86 arch:x86

c1169b8c26f97338bc6519f35b7970aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAUnhookBlockingHook
closesocket
accept

kernel32

SetLastError
GetCurrentThreadId
InterlockedDecrement
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
GetCPInfo
InterlockedIncrement
GetOEMCP
IsValidCodePage
MultiByteToWideChar
CompareStringW
SetEnvironmentVariableA
HeapSize
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
WideCharToMultiByte
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
GetStartupInfoA
GetSystemTimeAsFileTime
HeapFree
lstrlenA
ContinueDebugEvent
ReadProcessMemory
GetModuleFileNameW
lstrlenW
WriteProcessMemory
FreeEnvironmentStringsA
GetCurrentProcess
IsDebuggerPresent
FindNextChangeNotification
GetModuleHandleA
TerminateProcess
UnlockFile
lstrcmpiA
Sleep
CompareStringA
IsBadStringPtrA
FlushConsoleInputBuffer
GetCommandLineA
IsBadCodePtr
FlushInstructionCache
LoadLibraryA
GetProcAddress
IsBadWritePtr
GetModuleFileNameA
lstrcpyA
CreateMutexA
GetLastError
CreateIoCompletionPort
lstrcmpA
lstrcatA
FindNextVolumeMountPointW
IsBadReadPtr
ExitProcess
GetACP

user32

ShowScrollBar
DrawAnimatedRects
ToAsciiEx
keybd_event
GetActiveWindow
GetClassWord
VkKeyScanExA
DrawMenuBar
EndDialog
DialogBoxParamA
MessageBoxA
EnableScrollBar
UserHandleGrantAccess
ValidateRect
DlgDirListComboBoxA
ValidateRgn
SetWindowsHookW
GetAsyncKeyState
AttachThreadInput
DestroyCaret
ArrangeIconicWindows
DrawIcon
GetClipCursor
DrawFocusRect
GetAltTabInfoA
DestroyMenu
UnhookWindowsHook
GetClassNameA
VkKeyScanW
AllowSetForegroundWindow

gdi32

GetWindowOrgEx
GetPixel
GetLogColorSpaceW
SaveDC
SetTextJustification
CreateCompatibleDC
GetTextMetricsA
GetRandomRgn
SetGraphicsMode
GetTextExtentExPointI
SetPaletteEntries
SetDIBitsToDevice
GetWinMetaFileBits
BeginPath
SetWorldTransform
SetICMProfileW
GetTextExtentExPointW
ColorCorrectPalette
GetRasterizerCaps
ColorMatchToTarget
StartDocW
SetArcDirection
CreateEnhMetaFileW
GetMiterLimit
OffsetWindowOrgEx
GetKerningPairsA
GetNearestPaletteIndex
RemoveFontMemResourceEx
GetNearestColor
SelectClipPath
SetViewportExtEx
SetColorSpace
PolyBezier
ScaleViewportExtEx
GetObjectW
RemoveFontResourceExW
CheckColorsInGamut
SetROP2
GetOutlineTextMetricsA
SetPixel
PlayMetaFile
CreateDiscardableBitmap
RoundRect
IntersectClipRect
UpdateICMRegKeyW
GetStockObject
CancelDC
SetMapperFlags
SetMetaRgn
GetICMProfileA
SetWindowExtEx
AbortPath
StrokePath
GetPath
PaintRgn
SetICMProfileA
Rectangle
BitBlt
ResetDCW

shell32

SHGetFileInfoA

ole32

CoInitialize

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1169b8c26f97338bc6519f35b7970aa

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

shell32

ole32

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 141KB - Virtual size: 141KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 141KB - Virtual size: 141KB