1454ff26d54a022b44190bffeb7a0d28

Sharing

Copy URL

Twitter E-mail

General

Target

1454ff26d54a022b44190bffeb7a0d28
Size

39KB
MD5

1454ff26d54a022b44190bffeb7a0d28
SHA1

a392bb9080b0fe1a9bc834f365c0d30784b296d5
SHA256

bdc11aeadad9ac2cb13e59703b0d26e6a15d8e5a1b4acb7e24bc9ca5afb32092
SHA512

c0658a95246009fa11c6028f2836ab5d0cb0d38b5056063a656cd634001a85e1920cc426b4e8b8ff12f4ea44c1ff5b3853f6319b2f6276faad7e746f146d6829
SSDEEP

768:vel51GZjLz10YSnTL8ysXF7eAynwnSL61XgLJblN26WQAsLQQ:Wb1GZjS38HdeAYwSO1QL7N26WDs0Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1454ff26d54a022b44190bffeb7a0d28

Files

1454ff26d54a022b44190bffeb7a0d28
.exe windows:4 windows x86 arch:x86

1f7b73e27007bf7b1d9fdd93b7d6a51d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

gmtime
_futime
_strdup
isxdigit
_wcsnset
_stricoll
_y1
_osver
__p__tzname
_locking
_cprintf
_ismbbkpunct
_setmode
vfwprintf
wcsncat
_fdopen
_getmbcp
_pgmptr
longjmp
setlocale
localeconv
strtod
_fileno
__badioinfo
__p__pgmptr
fgetpos
__p___argc
_dup2
tmpfile
_except_handler2

gdi32

GetTextCharset
TextOutW
CreateColorSpaceW
SetPolyFillMode
GetTextCharacterExtra
GetRandomRgn
GetDeviceCaps
GetBkMode
GetColorSpace
DeleteEnhMetaFile
ExtTextOutW
PolyTextOutW
CreateDIBSection
GetFontLanguageInfo
GdiFlush
GdiGetBatchLimit
CreateICA
GetGraphicsMode

user32

DdeQueryNextServer
ChangeMenuW
FreeDDElParam
FindWindowW
DdeQueryStringW

kernel32

SearchPathA
CreateFileMappingA
GetNamedPipeInfo
GetTickCount
SetupComm
CreateFileMappingW
CallNamedPipeW
_llseek
GetModuleHandleA
GetConsoleAliasesA
SetDefaultCommConfigA
BackupSeek
GetCurrentProcessId
IsBadHugeWritePtr
GetAtomNameA
GetVersionExW
GetConsoleMode
VirtualAlloc
OpenJobObjectW
GetConsoleCommandHistoryLengthW
RegisterWowBaseHandlers
SetCurrentDirectoryA
GetStartupInfoW
GetCommModemStatus
ExitProcess
GetCurrentThreadId
OpenFile
lstrcmpA
GlobalAddAtomW
EnumResourceNamesA
GetTempFileNameW
GetCommandLineW
OpenSemaphoreW
FillConsoleOutputCharacterW
ExpandEnvironmentStringsW
SetTapePosition
VirtualFree
CreateThread
GetConsoleWindow
GetDriveTypeW
Sleep
GetStartupInfoA
GetCurrentConsoleFont
SetConsoleInputExeNameA
OpenMutexA
GetDefaultCommConfigW
EnumResourceTypesA
GetProfileStringW

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ybp
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xktrc
Size: 26KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1f7b73e27007bf7b1d9fdd93b7d6a51d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

gdi32

user32

kernel32

Sections

.text Size: 6KB - Virtual size: 6KB

.ybp Size: 5KB - Virtual size: 16KB

.xktrc Size: 26KB - Virtual size: 31KB

.reloc Size: 1024B - Virtual size: 21KB

.text
Size: 6KB - Virtual size: 6KB

.ybp
Size: 5KB - Virtual size: 16KB

.xktrc
Size: 26KB - Virtual size: 31KB

.reloc
Size: 1024B - Virtual size: 21KB