1d7adbcaf936a9d31c98d638eedcbf51

General

Target

1d7adbcaf936a9d31c98d638eedcbf51
Size

70KB
MD5

1d7adbcaf936a9d31c98d638eedcbf51
SHA1

4bba846d8414732e538ddea415218c214f3c4d78
SHA256

15ca6a260d141f6c345e919408096272492905e7dabfe1e7944a6617d16c9772
SHA512

369f9ae9b28a077d86f6cd7de3382d844d192b27fef30abca4f16519b3d1f68c111bc12db0487212d0df3390fbd2e8b9018b9ff15e1b979a15924081f02815d7
SSDEEP

1536:s3nq90+QVZ3CxVfLZha6D6MNLS+gc65g4:p90+SCxVfLfDNNLZgcs1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d7adbcaf936a9d31c98d638eedcbf51

Files

1d7adbcaf936a9d31c98d638eedcbf51
.dll windows:4 windows x86 arch:x86

cce4e7b61d2ca58d197a14b8115c4b00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
ExitThread
TerminateThread
DeleteFileA
CreateMailslotA
GetModuleFileNameA
GetLastError
SetFilePointer
GetModuleHandleA
GetProcAddress
WaitForMultipleObjects
GetVersionExA
OpenProcess
lstrcpyA
lstrcatA
SetEvent
WaitForSingleObject
IsBadReadPtr
ReadFile
SetEndOfFile
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
LoadLibraryA
ReleaseMutex
GetModuleHandleW
CreateEventA
CreateMutexW
MultiByteToWideChar
CreateThread
FindClose
FindNextFileA
FindFirstFileA
lstrcmpA
ResetEvent
CompareStringA
lstrlenA
GetSystemDirectoryA
CreateDirectoryA
GetTickCount
GetTempFileNameA
GetFileAttributesA
CreateFileA
WriteFile
CloseHandle

user32

wsprintfA
FindWindowA

gdi32

SelectObject

advapi32

RegOpenCurrentUser
CryptDeriveKey
CryptEncrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
RegNotifyChangeKeyValue
RegCreateKeyExA
RegSetValueExA
CreateProcessAsUserA
InitializeSecurityDescriptor
CryptCreateHash
CryptHashData
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RevertToSelf
CryptAcquireContextA
CryptDecrypt

iphlpapi

GetAdaptersInfo

shell32

SHGetFolderPathA

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cce4e7b61d2ca58d197a14b8115c4b00

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

iphlpapi

shell32

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB