1ada72872116c80f8e206b52171a4c87

Sharing

Copy URL Twitter E-mail

General

Target

1ada72872116c80f8e206b52171a4c87
Size

1.1MB
MD5

1ada72872116c80f8e206b52171a4c87
SHA1

51d543655a53d34e16a622d68380f74c56cc23d0
SHA256

b7811339393ce8673e5e4aa628d672c501b51b0a947c2106dfccc0980b304276
SHA512

0991bdc9d15b86998d5bfbf50bd29d2d2a32546877f47991a09c0c0f67ec9a38dc1dbf43c413e5b7376f6ed6af671c33a48f7bf3342eb24c1d8dc25231fec135
SSDEEP

24576:9h110gG8YO2eSxs3v4LrH8J3UuO6KzR7sq+fwQnQeSfbi:Z1y88eSxs4HcoMq+B0m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ada72872116c80f8e206b52171a4c87

Files

1ada72872116c80f8e206b52171a4c87
.exe windows:6 windows x64 arch:x64

1c787c0721693fe2dc6f1e09e0da27bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryW
GetProcAddress
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
GetSystemTimeAsFileTime
EnterCriticalSection
OpenFileMappingW
OpenMutexW
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
GetModuleHandleW
Sleep
WaitForSingleObject
GetCurrentProcessId
GetCurrentThread
GetCurrentProcess
GetLastError
SetLastError
LockResource
LoadResource
FindResourceExW
OpenProcess
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
RtlLookupFunctionEntry

advapi32

StartServiceW
OpenProcessToken
OpenThreadToken
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
QueryServiceStatus
OpenSCManagerW

shell32

ShellExecuteExW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
__current_exception
__current_exception_context
_CxxThrowException
memcpy
wcsrchr
__std_exception_destroy
__std_exception_copy
_purecall
__std_terminate
memset
__C_specific_handler

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_set_new_mode
calloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_initialize_onexit_table
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
_seh_filter_exe
_set_app_type
terminate
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
__p___argc
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
__p__commode
_set_fmode
__acrt_iob_func
__stdio_common_vsnwprintf_s

api-ms-win-crt-string-l1-1-0

wcscat_s
wcsncpy_s
_wcsicmp
wcscpy_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c787c0721693fe2dc6f1e09e0da27bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 116KB - Virtual size: 115KB

.reloc Size: 512B - Virtual size: 456B

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 116KB - Virtual size: 115KB

.reloc
Size: 512B - Virtual size: 456B