1eb3390d1fc4a26a92b8b8b89a2b3e1e

General

Target

1eb3390d1fc4a26a92b8b8b89a2b3e1e
Size

1.9MB
MD5

1eb3390d1fc4a26a92b8b8b89a2b3e1e
SHA1

d32ca03a235ef354a02e4dad636b1aa42e97cf83
SHA256

46a14b9c59b2379100372027b21351098f30b2c8617f72d34b228d565e895c80
SHA512

fe9554f370ce4bab36c4c0d6975761b591531f7a8bc22eac450fbe6ad6bbe64999f34b9c6c44ac2ee652df94efd9480d3e4daba9621a3f8fc8f1862800076221
SSDEEP

49152:unnRicI/OacR5TzMhyBOnLJy2IFrs6UJ:SfHtKA2IFrs6UJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1eb3390d1fc4a26a92b8b8b89a2b3e1e

Files

1eb3390d1fc4a26a92b8b8b89a2b3e1e
.exe windows:4 windows x86 arch:x86

8c7f80ec19dfdf5b3d0aa7cd65cbcb06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetIpAddrTable

setupapi

CM_Get_Sibling
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

shell32

SHGetFolderPathW

newdev

UpdateDriverForPlugAndPlayDevicesW

shlwapi

StrCmpNIA
StrStrA

kernel32

Sleep
GlobalAlloc
WideCharToMultiByte
CreateMutexA
VirtualFree
GetProcAddress
CreateFileW
LoadLibraryA
AddAtomA
FindResourceA
EnterCriticalSection
GetProcessHeap
GetTickCount
WaitForMultipleObjects
GetSystemInfo
SetThreadPriority
LoadResource
IsBadReadPtr
ReleaseMutex
GetExitCodeThread
GetCurrentThreadId
GetSystemTime
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentThread
InterlockedDecrement
IsBadWritePtr
EnumResourceTypesA
InterlockedIncrement
LeaveCriticalSection
DisableThreadLibraryCalls
LoadLibraryW
VirtualAlloc
GetThreadPriority
GetModuleFileNameA
ResetEvent
GetCurrentProcessId
GetPrivateProfileStructA
HeapFree
FreeLibrary
ReleaseSemaphore
MultiByteToWideChar
lstrlenA
GetLastError
TerminateThread
CreateSemaphoreA
LockResource
ExitProcess

Sections

.text
Size: 904KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1022KB - Virtual size: 1021KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c7f80ec19dfdf5b3d0aa7cd65cbcb06

Headers

File Characteristics

Imports

iphlpapi

setupapi

shell32

newdev

shlwapi

kernel32

Sections

.text Size: 904KB - Virtual size: 4.1MB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1022KB - Virtual size: 1021KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 904KB - Virtual size: 4.1MB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1022KB - Virtual size: 1021KB

.rsrc
Size: 512B - Virtual size: 4KB