1fa6acd75aad81c744457ed6bcfcfca4

Sharing

Copy URL Twitter E-mail

General

Target

1fa6acd75aad81c744457ed6bcfcfca4
Size

525KB
MD5

1fa6acd75aad81c744457ed6bcfcfca4
SHA1

e968db0507dd322a6fc4f2da4903f63d048b21d9
SHA256

1ad9b3242397c2a31ab3d3042090b2bd91c949a4f987246332732c7795b06744
SHA512

669d30466ba5509c1d36e870c2eabeb93e5aa59c73b9506f792f6b9d69bb7f66d9ae8be44e76ca7d4d0a32764ecb98cce3b4b23f604d602f83d098e60211bd5e
SSDEEP

12288:FFcKdlDoXz1WQa21OevjGm5PfmZTfp/L7ygxRFqz8I0+:LcwoXBaYOevjHP+ZN/LOm7qYIl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1fa6acd75aad81c744457ed6bcfcfca4

Files

1fa6acd75aad81c744457ed6bcfcfca4
.exe windows:4 windows x86 arch:x86

410743e057d444145f75ffe7b54a8551

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptContextAddRef
AbortSystemShutdownA
CryptDeriveKey
RegSaveKeyW
CryptGetHashParam
CryptExportKey
CryptSignHashA
CryptVerifySignatureA
LookupAccountNameA
RegEnumValueA
CryptHashSessionKey

comctl32

InitCommonControlsEx

user32

GetWindowModuleFileNameA
FlashWindow
CreateWindowStationW
SetUserObjectInformationW
SubtractRect
EnumDisplaySettingsW
RegisterClassExA
EnumWindowStationsA
LoadStringW
GetMenuItemCount
ReleaseDC
GetUserObjectSecurity
EndDeferWindowPos
SetMenuItemInfoA
DdeReconnect
GetDlgItemTextW
CreatePopupMenu
RegisterClassA
MessageBoxIndirectA
DrawFocusRect

comdlg32

GetFileTitleA
FindTextA
GetSaveFileNameA
ReplaceTextW

kernel32

GetModuleFileNameA
CreateMutexA
GetCurrentThread
ReadFile
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
UnmapViewOfFile
LeaveCriticalSection
CloseHandle
HeapSize
IsDebuggerPresent
CreateWaitableTimerA
TlsAlloc
FreeLibrary
WriteConsoleW
FreeEnvironmentStringsA
GetStartupInfoA
LCMapStringW
Sleep
SetStdHandle
HeapReAlloc
TerminateProcess
InterlockedExchange
GetUserDefaultLCID
GetConsoleCP
SetLastError
OpenMutexA
LCMapStringA
TlsFree
GetLastError
HeapCreate
CreateEventA
GetConsoleMode
VirtualFree
SetHandleCount
GetModuleHandleA
IsValidLocale
GetConsoleOutputCP
InterlockedDecrement
GetEnvironmentStringsW
SetEnvironmentVariableA
InterlockedIncrement
GetCurrentProcess
DeleteCriticalSection
UnhandledExceptionFilter
GetStdHandle
GetCommandLineA
GetEnvironmentStrings
GetOEMCP
TlsGetValue
MultiByteToWideChar
GetProcAddress
GetCurrentThreadId
GetTickCount
HeapFree
TlsSetValue
FreeEnvironmentStringsW
ExitProcess
SetUnhandledExceptionFilter
GetCPInfo
CompareStringA
GetDateFormatA
VirtualAlloc
LoadLibraryA
VirtualQuery
WriteFile
EnumSystemLocalesA
CompareStringW
GetFullPathNameW
GetFileType
lstrcmpA
WriteProfileStringW
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetTimeFormatA
GetLocaleInfoW
LoadLibraryExW
GetLocaleInfoA
WideCharToMultiByte
HeapDestroy
IsValidCodePage
MapViewOfFileEx
GetStartupInfoW
WriteConsoleA
GetTimeZoneInformation
QueryPerformanceCounter
GetModuleHandleW
GetStringTypeW
RtlUnwind
FlushFileBuffers
CreateFileA
GetProcAddress
SetConsoleCtrlHandler
GetThreadPriorityBoost
GetStringTypeA
GetACP

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

410743e057d444145f75ffe7b54a8551

Headers

File Characteristics

Imports

advapi32

comctl32

user32

comdlg32

kernel32

Sections

.text Size: 190KB - Virtual size: 189KB

.rdata Size: 10KB - Virtual size: 22KB

.data Size: 313KB - Virtual size: 312KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 190KB - Virtual size: 189KB

.rdata
Size: 10KB - Virtual size: 22KB

.data
Size: 313KB - Virtual size: 312KB

.rsrc
Size: 11KB - Virtual size: 11KB