1f7bd8a80ce3552296257181b2181b69

General

Target

1f7bd8a80ce3552296257181b2181b69
Size

509KB
MD5

1f7bd8a80ce3552296257181b2181b69
SHA1

a19a2293bdfee00fc329a5463a570ae8cb2cd330
SHA256

07b5ade240e2a04bf66060db814c39c65e610de4432268c5cb37458b7f886399
SHA512

ad9f90afeda99c662c2b7a57371bc83005c31257fc76567aadf8ab46a33ef54275fde046c66586af5440022a34a11b015d3aa97e8dabdfa6ab7b85df937820ab
SSDEEP

12288:mGV+Exu7SIcy+QQpM3p8+v6/SyXHxETG1RGG4RUIsT/c7ZO2:lgEMex/cm+vSBHxETWRGG4RUIH7b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f7bd8a80ce3552296257181b2181b69

Files

1f7bd8a80ce3552296257181b2181b69
.exe windows:5 windows x86 arch:x86

79e4411f48e736c9c086432a28c1cefb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ConvertStringSidToSidW
CreateServiceA
CryptGetHashParam
SetSecurityDescriptorGroup
LsaGetRemoteUserName
OpenSCManagerW
RegUnLoadKeyA
BuildSecurityDescriptorW
LsaRetrievePrivateData

kernel32

FillConsoleOutputAttribute
GetCommandLineA
GetModuleHandleA
FindNextVolumeMountPointW
IsBadStringPtrA
FindNextFileA
FlushConsoleInputBuffer
WriteConsoleA
GetLogicalDrives
WritePrivateProfileStructA
LocalReAlloc
GetStartupInfoA
SetConsoleTextAttribute
GlobalUnlock
VirtualProtect
FindFirstFileW
SetVDMCurrentDirectories

gdi32

GetCharacterPlacementA
UnrealizeObject
SetFontEnumeration
BRUSHOBJ_pvGetRbrush
EngCreateDeviceSurface

user32

DlgDirSelectExW
IsWindowEnabled
UnloadKeyboardLayout
SetWindowPlacement
CloseDesktop
GetClipboardFormatNameW
DdeQueryConvInfo
OemToCharBuffW

msvcrt

feof
_safe_fdiv
_strcmpi
strstr
fmod
_ismbcl0
_heapused
_controlfp
ungetwc
system

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79e4411f48e736c9c086432a28c1cefb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

Sections

.text Size: 50KB - Virtual size: 50KB

.data Size: 5KB - Virtual size: 40KB

.rsrc Size: 1024B - Virtual size: 928B

.text
Size: 50KB - Virtual size: 50KB

.data
Size: 5KB - Virtual size: 40KB

.rsrc
Size: 1024B - Virtual size: 928B