1fbf8137c1220b13f65bb9dac8b62e69

Sharing

Copy URL

Twitter E-mail

General

Target

1fbf8137c1220b13f65bb9dac8b62e69
Size

190KB
MD5

1fbf8137c1220b13f65bb9dac8b62e69
SHA1

371682188b87a514aa9e9f2b8c48182344d2e1df
SHA256

ec888bce30481fa495fe08d0735af15251fb61a2f16d6524112f57d2de1d64af
SHA512

2def856b15aa3649967cd33bd3296b62927968b2b18c015136b7c05971cbf11377d2aaa5e996106c1b3e8ebc80ebc71bfe71a2587d1a0f2721012454a29aa3a4
SSDEEP

3072:bhTOeyOfei4mRtiuEcXHQjAygScco7EdpJcJTJscjufQ5d2lBH+9aq5MmC:NlDfeiPt5BQMURFAJ7H5d2lx9q5ZC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1fbf8137c1220b13f65bb9dac8b62e69

Files

1fbf8137c1220b13f65bb9dac8b62e69
.exe windows:4 windows x86 arch:x86

2c9e6419c5ebd6a2364f6321cad8a850

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

user32

GetClassLongW
GetPropW
CreateWindowExW
InvalidateRect
SendDlgItemMessageA
CharUpperW
WinHelpW
RemovePropW
InvalidateRgn
RegisterWindowMessageW
CharNextW
SetPropW
GetNextDlgGroupItem
GetNextDlgTabItem
IsRectEmpty
GetClassInfoExW
MessageBeep
CopyAcceleratorTableW
SetRect
DestroyMenu

advapi32

RegCloseKey
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
GetMapMode
ScaleWindowExtEx
TextOutW
DeleteDC
ExtSelectClipRgn
ScaleViewportExtEx
GetTextColor
PtVisible
GetDeviceCaps
GetStockObject
RectVisible
ExtTextOutW
SelectObject
GetBkColor
SetWindowExtEx
Escape
GetRgnBox

ole32

CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
CoGetClassObject
StgOpenStorageOnILockBytes
OleFlushClipboard
CoTaskMemAlloc
CLSIDFromProgID
CoCreateInstance
OleInitialize
CoRevokeClassObject
CoFreeUnusedLibraries
OleUninitialize
OleIsCurrentClipboard
CoTaskMemFree
CoUninitialize
CreateILockBytesOnHGlobal
CoInitialize
CLSIDFromString

kernel32

GetCalendarInfoW
GetSystemDefaultLangID
LocalFileTimeToFileTime
FindClose
MultiByteToWideChar
MoveFileW
GetCurrentProcessId
GetThreadContext
GetFileAttributesW
WideCharToMultiByte
InterlockedDecrement
SystemTimeToFileTime
SetFilePointer
GetLocaleInfoW
SetFileTime
LoadLibraryW
ConvertDefaultLocale
DeleteFileW
EnumResourceNamesA
GetModuleFileNameW
FindFirstFileW
ReadFile
EnumResourceLanguagesW
ExitProcess
GetCurrentDirectoryW
RemoveDirectoryW
WriteFile
CreateFileW
CreateDirectoryW
lstrcpyW
FindNextFileW
GetVersion
GetProcAddress

shlwapi

PathStripToRootW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathIsUNCW
PathAppendW

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c9e6419c5ebd6a2364f6321cad8a850

Headers

File Characteristics

Imports

shell32

user32

advapi32

oleacc

gdi32

ole32

kernel32

shlwapi

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 76KB - Virtual size: 76KB

.edata Size: 1024B - Virtual size: 112KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 76KB - Virtual size: 76KB

.edata
Size: 1024B - Virtual size: 112KB