1ab502e5afc143ead7175832456ef9bd

General

Target

1ab502e5afc143ead7175832456ef9bd
Size

10KB
MD5

1ab502e5afc143ead7175832456ef9bd
SHA1

db32c008dc5d0eb371f9be834d889853b43b7f74
SHA256

863654f3d57e1c692d41e8d7c5dda22f3335524fe5592502a9992021171923d4
SHA512

db0355356f05e5cb58c8c67a729db090cd0434408f9e0dea4d6e708c686a75ed6c0566be1352ca8d97b6f857965397e714467a6ea58ee3260e4444138d9ba25e
SSDEEP

192:o4NKVXN/5dUQZbEER0T5GQ8AfBnwpa/bwRuSSs67aEh4W04rKNtEDKUh:HodtbLWoQPww9eW04rKNtEDf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ab502e5afc143ead7175832456ef9bd

Files

1ab502e5afc143ead7175832456ef9bd
.exe windows:4 windows x86 arch:x86

8a5891dc442bab4280634261993be25c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
SetPriorityClass
GetLastError
GetShortPathNameA
GetEnvironmentVariableA
CreateFileA
CopyFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetVersionExA
ResumeThread
SetFileTime
GetFileAttributesExA
DeleteFileA
WriteFile
ReadFile
GetTempFileNameA
GetTempPathA
Thread32Next
OpenThread
Thread32First
QueueUserAPC
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
ExpandEnvironmentStringsA
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateProcessA
lstrcpyA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetCurrentProcess
lstrcatA
SetFilePointer
Sleep

user32

CharUpperA
wsprintfA

advapi32

ControlService
RegSetValueExA
StartServiceA
CloseServiceHandle
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
RegCreateKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegOpenKeyExA

msvcrt

strrchr
strncpy
??2@YAPAXI@Z
_except_handler3
__CxxFrameHandler
_CxxThrowException
??1type_info@@UAE@XZ
?terminate@@YAXXZ
strstr
??3@YAXPAX@Z
_strcmpi
_stricmp

setupapi

SetupIterateCabinetA

Sections

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8a5891dc442bab4280634261993be25c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

setupapi

Sections

.data Size: 10KB - Virtual size: 9KB

.data
Size: 10KB - Virtual size: 9KB