1fff3506bce4ae80f455dc3f8e2c9e49

Sharing

Copy URL Twitter E-mail

General

Target

1fff3506bce4ae80f455dc3f8e2c9e49
Size

28KB
MD5

1fff3506bce4ae80f455dc3f8e2c9e49
SHA1

24a4fc25906c7bf32fe8118086280abf8091ccb8
SHA256

2ff507453f9dd85aa9425ba0cdb42fb027e6df6b9202a7b6a79ab88b5105b7a8
SHA512

e952d55cc1071e62fd769c24d86d251cdd56885ac7ee7f5b97fa063fa366f062c953e8b40f3e70799a5d36b3f156cb9abcde84e734b9e0653e120f6899ce7169
SSDEEP

384:w3kerecRd5lmdT6knArxwpxVxHp3vR1O:wpKc5lmdirxwfbH53O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1fff3506bce4ae80f455dc3f8e2c9e49

Files

1fff3506bce4ae80f455dc3f8e2c9e49
.dll windows:4 windows x86 arch:x86

1b02bd6f3e97c55c6754926639619fd1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
GetCurrentProcessId
DisableThreadLibraryCalls
FreeLibraryAndExitThread
CloseHandle
TerminateThread
WaitForSingleObject
CreateEventA
GetProcAddress
ExitProcess
ReadFile
GetFileSize
CreateFileA
WriteFile
SetFilePointer
GetLocalTime
CreateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
CreateProcessA
GetStartupInfoA
WaitForMultipleObjects
VirtualFreeEx
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenW
MultiByteToWideChar
GetLastError
GetCurrentProcess
lstrlenA
lstrcmpA
lstrcpyA
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
IsDBCSLeadByte
Sleep

user32

GetKeyState
wsprintfA
CloseWindowStation
CloseDesktop
SetThreadDesktop
OpenDesktopA
OpenWindowStationA
WaitForInputIdle
CharUpperA
GetForegroundWindow
FindWindowA
GetAsyncKeyState
SetProcessWindowStation
GetFocus
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetActiveWindow
GetWindowTextA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

wininet

InternetSetOptionA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile

imm32

ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext

msvcrt

strstr
strlen
_EH_prolog
__CxxFrameHandler
memcpy
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
free
_initterm
malloc
_adjust_fdiv
_except_handler3

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b02bd6f3e97c55c6754926639619fd1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

imm32

msvcrt

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

Shared Size: 4KB - Virtual size: 576B

.reloc Size: 4KB - Virtual size: 888B

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

Shared
Size: 4KB - Virtual size: 576B

.reloc
Size: 4KB - Virtual size: 888B