1f86fafda880e925a736f044b4a8c7de

Sharing

Copy URL Twitter E-mail

General

Target

1f86fafda880e925a736f044b4a8c7de
Size

28KB
MD5

1f86fafda880e925a736f044b4a8c7de
SHA1

aea6148751ffb2fe3061fa38bf23d2cc9a0837bd
SHA256

879c8933fdf070c3704aa43b612decb8343a974fa287aff0c9bb1a6b5316936b
SHA512

cf6ca3218318af3c9ea052f79664a7b8f621e576e0e880a062c19cf99821851f9b687c7e177a506e7f6e8336e02dbb489d47ee80c904c35057ea27ffb8566f1d
SSDEEP

768:1W885/5wL/np+vCpnXeFqLtg/Wugt4m6E:ELY/piCpnXeoy/Wt4m6E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f86fafda880e925a736f044b4a8c7de

Files

1f86fafda880e925a736f044b4a8c7de
.dll windows:4 windows x86 arch:x86

aa52ddf609c122b8296865124939f940

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord6282
ord823
ord858
ord5807
ord5204
ord3229
ord939
ord6663
ord6877
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord6385
ord2976
ord3830
ord3831
ord3825
ord6283
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord6467
ord5442
ord5572
ord2915
ord4277
ord4278
ord922
ord924
ord4203
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord5356
ord5353
ord6059
ord860
ord941
ord537
ord389
ord1228
ord1988
ord690
ord2764
ord4129
ord926
ord3663
ord3613
ord3126
ord350
ord3616
ord3127
ord5651
ord354
ord5186
ord3318
ord2818
ord535
ord5207
ord6869
ord1979
ord3079
ord665
ord825
ord540
ord3081
ord800
ord1116

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
sprintf
atoi
memset
time
__CxxFrameHandler
_CxxThrowException
rand
srand
free
fclose
strncpy
wcstombs
_mbscmp
strcpy
fopen
strlen
malloc
fread
fwrite

kernel32

LocalFree
lstrcatA
GetPrivateProfileStringA
CreateProcessA
WaitForSingleObject
WritePrivateProfileStringA
GetPrivateProfileIntA
GetLocalTime
GetWindowsDirectoryA
lstrlenA
GetTempPathA
GetTempFileNameA
lstrcpyA
DeleteFileA
MoveFileA
GetTickCount
MoveFileExA
Sleep
LocalAlloc

advapi32

CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
CryptEncrypt

wininet

InternetGetConnectedState

shlwapi

PathIsURLA
PathFindFileNameA

iphlpapi

GetAdaptersInfo

Exports

Exports

DoWork
ServiceMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa52ddf609c122b8296865124939f940

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

wininet

shlwapi

iphlpapi

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 2KB - Virtual size: 1KB