1d78811b3e642bb8115cb50ec2774e50

Sharing

Copy URL Twitter E-mail

General

Target

1d78811b3e642bb8115cb50ec2774e50
Size

432KB
MD5

1d78811b3e642bb8115cb50ec2774e50
SHA1

12c430a862d41f54fc55b9e505715813eee81682
SHA256

8843256d6b78a0134c322ea49aa64e745ce8643371f65d19dcef5077120eae7a
SHA512

a98dded17dabad3651c14b3f3333a5d609bd2271cd9bd661b02a6647ef6d63c7d0b2c83ae556f5d4a5260cec09a1e35d750c41bf51fe84c68a57b6f5d63ef84f
SSDEEP

12288:AN9XafibbLNNfBvWunmsO+1GBScXNuz5:g9X5cuq+11ak

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d78811b3e642bb8115cb50ec2774e50

Files

1d78811b3e642bb8115cb50ec2774e50
.exe windows:4 windows x86 arch:x86

ec6fa032f479fddf1f65ace5fa4917df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
IsValidLocale
LCMapStringW
VirtualFree
GetProcAddress
LeaveCriticalSection
HeapReAlloc
WriteFile
FreeEnvironmentStringsW
GetUserDefaultLCID
GetCurrentProcessId
HeapAlloc
CompareStringA
GetLocaleInfoA
TlsFree
GetModuleHandleA
SetConsoleCtrlHandler
GetCurrentThread
GetMailslotInfo
TlsAlloc
GetOEMCP
InterlockedIncrement
GetACP
InterlockedDecrement
SetLastError
SetEnvironmentVariableA
GetTimeFormatA
VirtualProtect
SetConsoleTitleW
ExitProcess
GetTickCount
FormatMessageW
IsDebuggerPresent
HeapFree
GetEnvironmentStrings
GetModuleFileNameA
HeapSize
LoadLibraryA
QueryPerformanceCounter
GetDateFormatA
VirtualAlloc
MultiByteToWideChar
FreeLibrary
VirtualQuery
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
RtlUnwind
GetEnvironmentStringsW
GetLocaleInfoW
GetStdHandle
TlsGetValue
OpenEventW
LCMapStringA
GetCPInfo
GetSystemTimeAsFileTime
GetFileType
EnterCriticalSection
GetPrivateProfileStructA
GetLastError
GetModuleHandleW
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CompareStringW
GetStartupInfoA
TlsSetValue
GetLongPathNameW
IsValidCodePage
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
InterlockedExchange
HeapCreate
GetTimeZoneInformation
GetCommandLineA
Sleep
FreeEnvironmentStringsA
EnumSystemLocalesA
SetHandleCount

advapi32

CryptExportKey
CryptGetKeyParam
GetUserNameA
RegFlushKey
RegReplaceKeyA
CryptEnumProviderTypesA
CryptGetDefaultProviderA
RegConnectRegistryW
RegEnumValueW
CryptDuplicateKey
CryptVerifySignatureA
CryptDeriveKey
RegEnumKeyW
CryptEnumProviderTypesW
RegLoadKeyW
RegQueryValueW
LookupAccountNameA

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec6fa032f479fddf1f65ace5fa4917df

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 140KB - Virtual size: 139KB

.data Size: 274KB - Virtual size: 298KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 140KB - Virtual size: 139KB

.data
Size: 274KB - Virtual size: 298KB

.rsrc
Size: 16KB - Virtual size: 16KB