1b1ea5848897f0bfb3645147ee837a1f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b1ea5848897f0bfb3645147ee837a1f
Size

2.6MB
MD5

1b1ea5848897f0bfb3645147ee837a1f
SHA1

143399578d6acdd2c78c107808cdc4092b09952f
SHA256

63ab9c177f5a8e89390acad0c8aecc4baccad99216b39b9dd4513953d6cd9df8
SHA512

389b4b56beaf84c32d2803231d3580a809c1428a442d64d7f5e5176eb5477c4287b5dbd26d2871084caaf9b623ed44e0a68595b485c8300a498504d85f2fcd99
SSDEEP

49152:bCm3ANv6U0wMsL9wD6a94WD9/LV2K3GNm3KExUtMeiR4HK:bCmQNvXMewDd42tRXX8uyK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b1ea5848897f0bfb3645147ee837a1f

Files

1b1ea5848897f0bfb3645147ee837a1f
.exe windows:4 windows x86 arch:x86

16ddf9b1390c8bf7f7fde96c95b68f26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

wsock32

WSACleanup

Sections

CODE
Size: 2.6MB - Virtual size: 14.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE