1f8423b16f16627d184b6d0971bb4557

Sharing

Copy URL

Twitter E-mail

General

Target

1f8423b16f16627d184b6d0971bb4557
Size

581KB
MD5

1f8423b16f16627d184b6d0971bb4557
SHA1

215edab7adb39f51567732e011c7d010bce31887
SHA256

6a4c6b4a0d6791217bf3c9f7e1a2db6f97f1733d25f6a0feb641bfceee0d47f3
SHA512

e63ad9b285be8202392d37088f65f16c7a7c6563a0c2fe7aaf49e24cfb84fd81c86303ffecd888e3c1f2a8ef45681ef67690791290f20b5495c35292d74916c4
SSDEEP

12288:eezOsTqYe/St0y/gxzwEhUgtCW1acsTDxg3W1OGhxoqBKC:ePG/tQ9hUdWsDZEWMGrGC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f8423b16f16627d184b6d0971bb4557

Files

1f8423b16f16627d184b6d0971bb4557
.exe windows:4 windows x86 arch:x86

0ca3284742aaadf730ae15cd6ca84640

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
CryptContextAddRef
LogonUserW
RegDeleteKeyW
RegRestoreKeyW
StartServiceW
LookupPrivilegeNameW
CryptEnumProvidersW
LookupSecurityDescriptorPartsW
RegQueryInfoKeyW
RegReplaceKeyW
CreateServiceA
RegEnumKeyExA
CryptHashSessionKey
CreateServiceW
CryptDuplicateKey
CryptSetProvParam
CryptImportKey

wininet

FtpGetFileSize
FtpRenameFileA
FtpCommandW
InternetQueryFortezzaStatus
InternetGetCertByURL

user32

ShowScrollBar
GetWindowRect
SendIMEMessageExA
GetWindowDC
CreateMenu
GetMenu
SetWindowsHookA
SetWindowTextA
SetMenu
RegisterClassA
ReplyMessage
ShowWindowAsync
OemToCharW
IsWindowVisible
TranslateAcceleratorA
SystemParametersInfoW
SetWindowTextW
CreateMDIWindowW
WaitMessage
RegisterClassExA

comdlg32

ReplaceTextW

kernel32

lstrlenA
HeapReAlloc
GetCurrentThread
SetHandleCount
DebugBreak
GetConsoleMode
GetTimeFormatA
GetTickCount
GetLastError
GetEnvironmentStrings
GetStringTypeA
GetDiskFreeSpaceExA
WriteFile
IsDebuggerPresent
GetCommandLineW
CompareStringW
AddAtomW
VirtualFree
RtlUnwind
IsValidLocale
CompareStringA
GetTimeZoneInformation
HeapAlloc
IsValidCodePage
GetLocaleInfoA
GetModuleHandleA
ReadFile
GetEnvironmentStringsW
IsBadReadPtr
RaiseException
TlsFree
SetUnhandledExceptionFilter
LCMapStringW
FlushFileBuffers
GetProcessHeap
OpenMutexA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
SetStdHandle
InterlockedDecrement
InterlockedExchange
WriteConsoleW
VirtualQuery
WriteConsoleA
SetEnvironmentVariableA
FreeEnvironmentStringsA
HeapCreate
ExitProcess
CreateMutexA
LoadLibraryW
WideCharToMultiByte
LCMapStringA
TerminateProcess
GetDateFormatA
EnumSystemLocalesA
SetFilePointer
GetModuleFileNameA
QueryPerformanceCounter
GetProcAddress
GetSystemTimeAsFileTime
HeapValidate
OutputDebugStringW
GetPrivateProfileStructW
InterlockedIncrement
GetACP
lstrcatA
CreateFileA
UnhandledExceptionFilter
GetCurrentThreadId
GetUserDefaultLCID
GetVersionExA
LoadLibraryA
MultiByteToWideChar
GetConsoleOutputCP
VirtualAlloc
FindResourceA
HeapDestroy
SetComputerNameA
GetModuleFileNameW
GetConsoleCP
GetCPInfo
GetStartupInfoW
GetStringTypeW
GetCommandLineA
SetConsoleCtrlHandler
DeleteCriticalSection
TlsGetValue
TlsAlloc
OpenMutexW
InitializeCriticalSection
LeaveCriticalSection
OutputDebugStringA
EnterCriticalSection
GetStdHandle
GetFileType
GetOEMCP
CloseHandle
GetLocaleInfoW
FileTimeToLocalFileTime
TlsSetValue
GetStartupInfoA
HeapFree
SetLastError
FreeEnvironmentStringsW

gdi32

SetMagicColors
PolyDraw
SetMetaRgn
GetObjectW
GetStretchBltMode
EnumFontFamiliesExA
GetEnhMetaFileHeader
GetPath
CopyEnhMetaFileA
CreateMetaFileA
TextOutA
CreatePen

comctl32

InitCommonControlsEx

Sections

.text
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ca3284742aaadf730ae15cd6ca84640

Headers

File Characteristics

Imports

advapi32

wininet

user32

comdlg32

kernel32

gdi32

comctl32

Sections

.text Size: 314KB - Virtual size: 314KB

.rdata Size: 47KB - Virtual size: 54KB

.data Size: 209KB - Virtual size: 208KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 314KB - Virtual size: 314KB

.rdata
Size: 47KB - Virtual size: 54KB

.data
Size: 209KB - Virtual size: 208KB

.rsrc
Size: 9KB - Virtual size: 8KB