1b8afeec10126227950e11005de74cc0

Sharing

Copy URL Twitter E-mail

General

Target

1b8afeec10126227950e11005de74cc0
Size

515KB
MD5

1b8afeec10126227950e11005de74cc0
SHA1

81576dcb3f8062c8390852b4c0ba2f4148fd206d
SHA256

17ef3c606610160b5b6ff26c4fda7981d901fb9d86e74a8e8fc404e361189756
SHA512

4e7364a4dab6d98398a9f9f4691992a14b5208509012b2a2b4f2c364e5f95cfd16f8aa63e798169a736e44baca2f8c7b05970ab172ab589e194bcaf7a0e4a05f
SSDEEP

12288:GHNqzJRJDmhu1FHIlw12/6RPrIm/qeehCMSKE:OqzJRJDi+RIls2ODFqXtE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b8afeec10126227950e11005de74cc0

Files

1b8afeec10126227950e11005de74cc0
.exe windows:4 windows x86 arch:x86

1303dd8e45ab1c3bf948dc7ce2f90869

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
ReportEventA
CryptEnumProvidersA
RegDeleteKeyW
CryptDecrypt
RegCreateKeyA

gdi32

SetTextColor
SetMapMode
PlgBlt
ArcTo
GetGlyphOutlineA
GetTextExtentPoint32A
GetTextExtentExPointA
DeviceCapabilitiesExA
CreateEnhMetaFileA
GetCurrentPositionEx
GetDeviceGammaRamp
UnrealizeObject
CreateFontIndirectA

wininet

FtpFindFirstFileW
FtpOpenFileW
InternetQueryOptionW
InternetDialW
GopherGetLocatorTypeW

comctl32

InitCommonControlsEx

kernel32

WaitForDebugEvent
SetStdHandle
LCMapStringW
GetLastError
InterlockedDecrement
QueryPerformanceCounter
GetSystemTimeAsFileTime
LeaveCriticalSection
FreeEnvironmentStringsA
IsBadWritePtr
InitializeCriticalSection
GetStringTypeA
GetEnvironmentStrings
GetLocalTime
GetModuleHandleA
GetVersion
WriteFile
LCMapStringA
RtlUnwind
InterlockedExchange
GetCurrentThreadId
EnterCriticalSection
TlsGetValue
MultiByteToWideChar
ExitProcess
GetStdHandle
CompareStringA
GetSystemTime
GetTimeZoneInformation
GetStartupInfoW
GetCurrentThread
CloseHandle
GetStringTypeW
lstrcpy
GetTickCount
SetLastError
FindNextFileW
GetFileType
TlsSetValue
CompareStringW
GetCommandLineW
WideCharToMultiByte
WritePrivateProfileSectionA
HeapFree
UnhandledExceptionFilter
RaiseException
VirtualQuery
InterlockedIncrement
GetLocaleInfoW
FlushFileBuffers
GetModuleFileNameW
SetFilePointer
WaitCommEvent
HeapCreate
SetConsoleOutputCP
GetEnvironmentStringsW
TlsAlloc
DeleteCriticalSection
SetEnvironmentVariableA
UnlockFile
TlsFree
GetCPInfo
ReadFile
VirtualAlloc
HeapAlloc
LoadLibraryA
GetProcAddress
VirtualFree
GetThreadPriorityBoost
HeapDestroy
GetCurrentProcessId
GetStartupInfoA
GetCurrentProcess
DeleteAtom
HeapReAlloc
TerminateProcess
GetModuleFileNameA
GetCommandLineA
FreeEnvironmentStringsW
OpenMutexA
CreateMutexA
GetPrivateProfileStringW
SetHandleCount

user32

UnhookWindowsHookEx
IsCharAlphaW
WindowFromPoint
GetWindowLongA
DdeKeepStringHandle
RegisterClassExA
CopyAcceleratorTableW
MsgWaitForMultipleObjectsEx
RegisterClassA
BeginDeferWindowPos
GetKeyState
GetForegroundWindow
CharNextA
EnumDisplayDevicesA
TranslateMessage

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1303dd8e45ab1c3bf948dc7ce2f90869

Headers

File Characteristics

Imports

advapi32

gdi32

wininet

comctl32

kernel32

user32

Sections

.text Size: 185KB - Virtual size: 184KB

.rdata Size: 5KB - Virtual size: 22KB

.data Size: 312KB - Virtual size: 311KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 185KB - Virtual size: 184KB

.rdata
Size: 5KB - Virtual size: 22KB

.data
Size: 312KB - Virtual size: 311KB

.rsrc
Size: 12KB - Virtual size: 12KB