1b4232ce2f732dc6edba1095aeea49ae

Sharing

Copy URL

Twitter E-mail

General

Target

1b4232ce2f732dc6edba1095aeea49ae
Size

3.0MB
MD5

1b4232ce2f732dc6edba1095aeea49ae
SHA1

663067e7504f96e2303bd86e6a6cdbf00aeb4b3e
SHA256

e10e1c5917a2e0499e2b9c3162b7ba47350bcab4dfeea7ac12c7bac35ccc33c5
SHA512

502ff2f03b37099bf45017a3a6f7d083d4ae1b9a070462c6d19a6dda90b0602352610318487f7bd41b03d8a1edd2aa31e115e72f2511944882b3be77d75d62f0
SSDEEP

49152:qcl6aaR2heDhbs7H0STLAKdoeJrOA3jorJj/azWMrTsHwAg1QloFiilF3fFpJ:oRO0yTieXThWMHRNz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b4232ce2f732dc6edba1095aeea49ae

Files

1b4232ce2f732dc6edba1095aeea49ae
.exe windows:4 windows x86 arch:x86

d573c059c5dfe86b72d6028f16759fef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
ExitProcess
GetCurrentProcessId
GetCurrencyFormatA
GetEnvironmentVariableA
OutputDebugStringA
GetFullPathNameW
CreateMailslotW
GlobalFlags
QueueUserAPC
SetCriticalSectionSpinCount
VirtualAlloc

msvbvm60

_adj_fdiv_m64
__vbaLenBstr
__vbaFreeObjList
ord303
ord716
_CItan
ord313
ord558
_adj_fdiv_m32
__vbaObjVar
__vbaFreeStr
__vbaMidStmtBstr
__vbaVarSetObjAddref
__vbaHresultCheckObj
ord560
__vbaI4Str

msvcrt

__p__osver
pow
_endthreadex
_strrev
_adjust_fdiv
_CItanh
_wfopen
swscanf
_wfindfirst
memchr
_fgetchar
_sys_errlist
exit
realloc
_wtempnam
_mbctolower
_wchmod

mscms

UninstallColorProfileW
IsColorProfileTagPresent
EnumColorProfilesW
DisassociateColorProfileFromDeviceW
TranslateBitmapBits
IsColorProfileValid
InternalGetDeviceConfig
DeleteColorTransform
CreateColorTransformW
GetColorProfileHeader
InternalSetDeviceConfig

avifil32

AVIStreamInfoW
AVIFileRelease
AVIStreamStart
AVIFileGetStream
AVIStreamRead
AVIFileOpenW
AVIFileInit
AVIStreamTimeToSample
AVIFileInfoW
AVIStreamSampleToTime
AVIFileAddRef
AVIFileExit
AVIStreamReadFormat
AVIStreamRelease
AVIStreamLength

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1.4MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.6MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 860B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textbs
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d573c059c5dfe86b72d6028f16759fef

Headers

File Characteristics

Imports

kernel32

msvbvm60

msvcrt

mscms

avifil32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 685KB

.idata Size: 1.4MB - Virtual size: 2.5MB

.data Size: 1.6MB - Virtual size: 2.7MB

.tls Size: - Virtual size: 860B

.textbs Size: 512B - Virtual size: 24B

.rsrc Size: 35KB - Virtual size: 35KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 685KB

.idata
Size: 1.4MB - Virtual size: 2.5MB

.data
Size: 1.6MB - Virtual size: 2.7MB

.tls
Size: - Virtual size: 860B

.textbs
Size: 512B - Virtual size: 24B

.rsrc
Size: 35KB - Virtual size: 35KB