1ebfd58562bbedc21f80ac2614721e47

Sharing

Copy URL Twitter E-mail

General

Target

1ebfd58562bbedc21f80ac2614721e47
Size

564KB
MD5

1ebfd58562bbedc21f80ac2614721e47
SHA1

af1c9c7b6676fd241eb24af5ed922a034001e1cd
SHA256

225ac8d93ecd34ac59901b28dd798ffb115a019f16d4afd9b3693b9fc6482041
SHA512

bea3f5b315311d330fa0f0c68c8a2e0a9bb8b1ff66461aefde85f9122fc1ac14c893c472ba47ce7cfd20d3278bb1a26edeaf9ae65ab251b8c42c12d7ffe86100
SSDEEP

12288:DU5S41C2j+HU0gVpgERRU+z1wDVpnych0fh9LmRmhrLu+XeD6MrXXVmQ0NI:QTj+HUTRaywDjnZh0fguG+XyTXVT0NI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ebfd58562bbedc21f80ac2614721e47

Files

1ebfd58562bbedc21f80ac2614721e47
.exe windows:4 windows x86 arch:x86

4a9b7309a6ac950ad4b19cafe45274aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnumThreadWindows
RegisterClassA
RegisterClassExA
SetMenuContextHelpId
IsChild

comctl32

InitCommonControlsEx

wininet

InternetGetCookieW
GopherFindFirstFileA
UpdateUrlCacheContentPath
GopherGetAttributeA
InternetWriteFileExA

advapi32

LogonUserW

kernel32

GetTickCount
GetConsoleCP
MultiByteToWideChar
ReadFile
GetModuleFileNameW
GetLastError
GetModuleFileNameA
DeleteCriticalSection
SetConsoleCtrlHandler
SetHandleCount
IsDebuggerPresent
HeapSize
GetCurrentProcess
HeapReAlloc
GetCPInfo
SetStdHandle
Sleep
RtlUnwind
TlsSetValue
HeapFree
GetDateFormatA
GetStartupInfoW
FreeLibrary
UnhandledExceptionFilter
EnterCriticalSection
CreateFileA
GetSystemTimeAsFileTime
VirtualFree
WriteFile
GetProcAddress
GetTimeFormatA
GetLocaleInfoW
FillConsoleOutputAttribute
GetVersion
EnumSystemLocalesA
QueryPerformanceCounter
OpenMutexA
SetUnhandledExceptionFilter
CommConfigDialogA
GetFileType
IsValidLocale
GetStdHandle
InterlockedIncrement
WideCharToMultiByte
GetStringTypeW
CreateMutexA
InterlockedExchange
EnumCalendarInfoW
GetCalendarInfoA
TlsAlloc
GlobalHandle
GetCommandLineW
GetModuleHandleW
LeaveCriticalSection
GetUserDefaultLCID
GetStringTypeA
IsValidCodePage
FlushFileBuffers
SetLastError
TransactNamedPipe
GetCommandLineA
GetCompressedFileSizeW
GetLocaleInfoA
GetEnvironmentStringsW
SetEnvironmentVariableA
ReadConsoleW
GetCurrentThreadId
SetFilePointer
GetOEMCP
LoadLibraryA
TerminateProcess
SystemTimeToTzSpecificLocalTime
WriteConsoleA
WriteConsoleW
GetCurrentThread
GetModuleHandleA
FreeEnvironmentStringsW
CompareStringA
GetNumberFormatW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetCurrentProcessId
ExitProcess
GetStartupInfoA
HeapDestroy
CloseHandle
VirtualAlloc
GetSystemDefaultLangID
GetShortPathNameW
GetConsoleMode
GetFullPathNameA
HeapCreate
TlsGetValue
CompareStringW
GetACP
HeapAlloc
VirtualQuery
GetTempPathA
TlsFree
GetConsoleOutputCP
LCMapStringA
InterlockedDecrement
LCMapStringW
VirtualAllocEx

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a9b7309a6ac950ad4b19cafe45274aa

Headers

File Characteristics

Imports

user32

comctl32

wininet

advapi32

kernel32

Sections

.text Size: 230KB - Virtual size: 230KB

.rdata Size: 9KB - Virtual size: 27KB

.data Size: 317KB - Virtual size: 316KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 230KB - Virtual size: 230KB

.rdata
Size: 9KB - Virtual size: 27KB

.data
Size: 317KB - Virtual size: 316KB

.rsrc
Size: 6KB - Virtual size: 6KB