1d6fd2c21a555c19b244809b66e16711

Sharing

Copy URL

Twitter E-mail

General

Target

1d6fd2c21a555c19b244809b66e16711
Size

160KB
MD5

1d6fd2c21a555c19b244809b66e16711
SHA1

1595476bfb22a1b899254201af7c8437be874746
SHA256

fa4e871559819f4da3fc949b3722fd4d1ac5d51cfa66519cdb7f818bbd4568e5
SHA512

aa67fadb97ac90b8e03f53d748a1b15ee84625bc1b9738dae3fbbc6547a87c54755741af2f0a73b7ae005ed97422ac3d077b74c1fb32b27ee880db8365579b94
SSDEEP

3072:YTbuhFW5DEFXfi6oyg706SwG+7LYDnlpp+y7Nw5+BUjW5Qib:Y38WkKAgQ6SwG9DlCx+GjWi+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d6fd2c21a555c19b244809b66e16711

Files

1d6fd2c21a555c19b244809b66e16711
.exe .ps1 windows:2 windows x86 arch:x86 polyglot

f11baad6ffe83815827b4203029eaa32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

QueryServiceConfigA
RegOpenKeyExW
WmiQueryAllDataA
MD5Final
EncryptFileW
RegSaveKeyW
AddAccessDeniedAceEx
WmiQueryAllDataMultipleA
SystemFunction018
SystemFunction034
RegCloseKey
LookupAccountSidA
LogonUserExA
LookupPrivilegeNameA
CredEnumerateA
ObjectDeleteAuditAlarmA
SetServiceObjectSecurity
LsaOpenTrustedDomain
ImpersonateLoggedOnUser
AllocateLocallyUniqueId
GetInformationCodeAuthzPolicyW
LsaGetQuotasForAccount
EqualSid
StartServiceA
SetAclInformation
ElfBackupEventLogFileW
WmiFileHandleToInstanceNameW
OpenEventLogA
IsValidSid
RegQueryValueExW
LogonUserA
NotifyBootConfigStatus
AccessCheckByTypeResultListAndAuditAlarmByHandleW
ReportEventA
SystemFunction041
SaferGetPolicyInformation
RegCreateKeyExW
SystemFunction040
LookupPrivilegeDisplayNameW
LsaQueryInfoTrustedDomain
TrusteeAccessToObjectA
LookupPrivilegeDisplayNameA
CredRenameW
CryptSetProvParam
RegCloseKey
GetAce
CreateProcessAsUserW
RegEnumValueW
ObjectOpenAuditAlarmW
AreAnyAccessesGranted
WmiSetSingleItemA
ProcessTrace
RevertToSelf
LsaQueryForestTrustInformation
ProcessIdleTasks
LsaOpenSecret
GetServiceDisplayNameA
LsaOpenPolicy
SaferComputeTokenFromLevel

winscard

SCardEndTransaction
SCardDisconnect
SCardBeginTransaction
SCardEstablishContext
SCardReleaseContext
SCardGetCardTypeProviderNameW
SCardListCardsW
SCardStatusW

kernel32

CreateRemoteThread
ReadFile
SetLocaleInfoA
Thread32Next
WriteConsoleOutputW
EnumResourceNamesA
WideCharToMultiByte
SetConsoleCursorInfo
GetCurrentProcessId
GetProcessHeap
UnlockFile
GetProcessHeaps
CreateFileMappingW
LCMapStringW
SetFilePointer
GetConsoleMode
GetTimeFormatA
WriteTapemark
EnumerateLocalComputerNamesA
QueryPerformanceCounter
HeapFree
SetConsoleCtrlHandler
GetNumaNodeProcessorMask
GetSystemInfo
GetOEMCP
SetLastError
CreateMutexA
QueryMemoryResourceNotification
GetACP
RaiseException
CopyFileA
GetLocaleInfoA
SystemTimeToTzSpecificLocalTime
SetErrorMode
GetProcessPriorityBoost
EnterCriticalSection
MoveFileWithProgressW
GetCPInfoExW
GetCPInfo
TlsSetValue
GetSystemTimeAdjustment
MultiByteToWideChar
GetComPlusPackageInstallStatus
GetVersionExA
GetStdHandle
DeleteCriticalSection
GetNamedPipeInfo
GetCurrencyFormatW
GetHandleInformation
SetThreadIdealProcessor
VirtualAllocEx
HeapCreate
InterlockedDecrement
FindFirstVolumeMountPointA
GetCurrentProcess
GetSystemWow64DirectoryA
GetACP
GetSystemTimeAsFileTime
FlushFileBuffers
TlsAlloc
SetUnhandledExceptionFilter
GetLogicalDriveStringsW
HeapReAlloc
TerminateProcess
GetStringTypeW
SetThreadAffinityMask
GetVolumeInformationA
VirtualFree
GetStringTypeA
GetFileType
FreeEnvironmentStringsW
WriteProfileSectionA
GetTickCount
ResetEvent
DeleteTimerQueueEx
CreateActCtxA
GetLastError
GetCurrentDirectoryW
IsProcessInJob
FreeEnvironmentStringsA
GetEnvironmentStringsW
VirtualQuery
RtlUnwind
SetTapePosition
LeaveCriticalSection
HeapDestroy
ExitProcess
GetLastError
UnhandledExceptionFilter
OpenFileMappingA
SetStdHandle
AttachConsole
WriteProfileStringA
OutputDebugStringA
GetCommandLineA
HeapAlloc
SetHandleCount
GlobalAddAtomA
GetStartupInfoA
InterlockedIncrement
CreateConsoleScreenBuffer
CloseHandle
LCMapStringA

ntdll

RtlNtStatusToDosError
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlFreeAnsiString

comctl32

InitCommonControlsEx
CreatePropertySheetPageW

gdi32

DeleteObject
CreateFontIndirectW
GetDeviceCaps

user32

LoadCursorW
LoadStringW
SetCursor
PostMessageW
SystemParametersInfoW
GetForegroundWindow
MessageBoxW
SetFocus
GetWindowRect
GetDC
GetWindowTextW
DestroyCursor
GetSystemMetrics
SendMessageW
SetWindowTextW
ReleaseDC
EnableWindow
ShowWindow
SetWindowPos
SetWindowLongW

activeds

ReallocADsMem
AdsTypeToPropVariant
ADsFreeEnumerator

Sections

.AITzZ
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HtAP
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.D
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zudB
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KnsRL
Size: 1KB - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.OFbk
Size: 3KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.YFak
Size: 3KB - Virtual size: 29KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f11baad6ffe83815827b4203029eaa32

Headers

File Characteristics

Imports

advapi32

winscard

kernel32

ntdll

comctl32

gdi32

user32

activeds

Sections

.AITzZ Size: 1KB - Virtual size: 1KB

.HtAP Size: 2KB - Virtual size: 1KB

.D Size: 1KB - Virtual size: 1KB

.zudB Size: 1024B - Virtual size: 963B

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 6KB - Virtual size: 5KB

.KnsRL Size: 1KB - Virtual size: 24KB

.OFbk Size: 3KB - Virtual size: 23KB

.data Size: 9KB - Virtual size: 23KB

.YFak Size: 3KB - Virtual size: 29KB

.rsrc Size: 112KB - Virtual size: 112KB

.AITzZ
Size: 1KB - Virtual size: 1KB

.HtAP
Size: 2KB - Virtual size: 1KB

.D
Size: 1KB - Virtual size: 1KB

.zudB
Size: 1024B - Virtual size: 963B

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 6KB - Virtual size: 5KB

.KnsRL
Size: 1KB - Virtual size: 24KB

.OFbk
Size: 3KB - Virtual size: 23KB

.data
Size: 9KB - Virtual size: 23KB

.YFak
Size: 3KB - Virtual size: 29KB

.rsrc
Size: 112KB - Virtual size: 112KB