1f89db82bc92bb4f490be2c658416968

Sharing

Copy URL Twitter E-mail

General

Target

1f89db82bc92bb4f490be2c658416968
Size

216KB
MD5

1f89db82bc92bb4f490be2c658416968
SHA1

1d16c4e9b87a0e42ad1c25dc54d513505ec2c548
SHA256

bcf841965893aa6ed57a742fc3f4995db58ed62cac63b67a6441aed7a0c66bff
SHA512

36925312a15f6d5f8fa59eb7d172418d5ce34626e30e82af72dc90b38f5f9d088f463f6129d3c5a30fe9cb822f0194ff84c0071af6a77a18088c84dca86a3aad
SSDEEP

6144:oItxogSWgawEHyuKRo560rNqQWe8m1LQd7LG6XOKsW:oItxlPhQNRo53r0S1LOXOKT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f89db82bc92bb4f490be2c658416968

Files

1f89db82bc92bb4f490be2c658416968
.exe windows:4 windows x86 arch:x86

f0291de02b0c8c7475394a83fe9fc8a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateGuid
CoUninitialize
CoInitializeEx
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoTaskMemRealloc
CoCreateInstance

kernel32

DeleteCriticalSection
lstrcpyA
GetCurrentProcess
OpenProcess
GetExitCodeProcess
GetExitCodeThread
DuplicateHandle
CloseHandle
Sleep
GetProcAddress
CreateEventA
GetCurrentThreadId
GetCurrentProcessId
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
lstrlenA
GetWindowsDirectoryA
GetFileAttributesA
lstrcatA
CopyFileA
GetModuleFileNameA
DeleteFileA
WaitForSingleObject
CreateMutexA
ResumeThread
CreateThread
TerminateThread
FindResourceA
GetLocaleInfoA
lstrcpynA
LoadResource
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
GetCommandLineA
SizeofResource
IsDBCSLeadByte
GetACP
MultiByteToWideChar
RaiseException
InterlockedExchange
GetLastError
SetLastError
GetThreadLocale
GetModuleHandleA
LoadLibraryExA
GetVersionExA
GlobalSize
GlobalAlloc
GlobalFree
CreateFileA
WriteFile
FindResourceExA
LockResource
LoadLibraryA
CreateDirectoryA
GetTempPathA
GetVolumeInformationA
GetLocalTime
GlobalDeleteAtom
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
GetThreadContext
SetThreadContext
CreateProcessA
FlushInstructionCache
GetShortPathNameA
VirtualProtectEx
WriteProcessMemory
SetFilePointer
SetFileTime
ReadFile
GetFileTime
TerminateProcess
Process32First
Process32Next
CreateToolhelp32Snapshot
VirtualFree
VirtualAlloc
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
GetFileAttributesExA
GetStartupInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
HeapReAlloc
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
IsBadWritePtr
HeapSize
GetOEMCP
GetCPInfo
RtlUnwind
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers
LocalFree
EnterCriticalSection
lstrcmpiA
lstrlenW
LeaveCriticalSection
WideCharToMultiByte
InitializeCriticalSection
FreeLibrary
lstrcmpA
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetTickCount
VirtualFreeEx

user32

MsgWaitForMultipleObjects
CharNextA
TranslateMessage
GetMessageA
SetTimer
IsChild
KillTimer
IsWindowEnabled
SetWinEventHook
wsprintfA
EnumWindows
GetWindowLongA
GetDesktopWindow
IsWindowVisible
GetWindowModuleFileNameA
GetWindowThreadProcessId
wvsprintfA
DispatchMessageA

advapi32

AdjustTokenPrivileges
RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA

oleaut32

VarBstrCat
SysAllocStringByteLen
SysStringLen
VarUI4FromStr
SysFreeString
VariantInit
VariantClear
SysStringByteLen
SysAllocString
SysAllocStringLen

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 88KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f0291de02b0c8c7475394a83fe9fc8a5

Headers

File Characteristics

Imports

ole32

kernel32

user32

advapi32

oleaut32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 88KB - Virtual size: 98KB

.rsrc Size: 4KB - Virtual size: 512B

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 88KB - Virtual size: 98KB

.rsrc
Size: 4KB - Virtual size: 512B

.reloc
Size: 12KB - Virtual size: 9KB