1bacb7ab9d7911ba8dcacfa8d6cd3283

Sharing

Copy URL Twitter E-mail

General

Target

1bacb7ab9d7911ba8dcacfa8d6cd3283
Size

87KB
MD5

1bacb7ab9d7911ba8dcacfa8d6cd3283
SHA1

b8653b40ed35cdb3541ad7e4b99a0101102a76db
SHA256

cfea0bbc25370863265a7bc31c460fed493b29fd656d52e35cc9ae8e7350a4d3
SHA512

c8952d0fd0abe685f3d5e7a93d38d2e033976ec43a93f875aeaaf6ae8f83f63e0c6dba38026df430426ba4757c6926db914700059626cf140a69c23f5ba87f4b
SSDEEP

1536:uovpO/9+O5MC5v9nWHrj17xKUuI+w4anwDtw5q5Ynx//o3LB0ix2qIe5L/:VvU/mKUXgDeQYn9w2ix5Ie5L/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bacb7ab9d7911ba8dcacfa8d6cd3283

Files

1bacb7ab9d7911ba8dcacfa8d6cd3283
.exe windows:5 windows x86 arch:x86

6e3b514783a341d8f42e9cb8b453eebd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyA
RegSetValueExA

ws2_32

inet_addr
ntohs
sendto
recv
connect
select
WSAGetLastError
htons
socket
__WSAFDIsSet
closesocket
gethostbyname
send
WSAStartup
ioctlsocket

user32

CharLowerA
CharUpperA
CharUpperBuffA
wsprintfA
wvsprintfA

kernel32

HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
lstrlenA
WaitForSingleObject
GetTickCount
WideCharToMultiByte
CreateProcessA
FileTimeToSystemTime
GetTimeZoneInformation
GetProcAddress
GetLocalTime
LoadLibraryA
GetModuleHandleA
CloseHandle
FileTimeToLocalFileTime
ExitProcess
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
WriteFile
Sleep
GetFileAttributesA
GetSystemDirectoryA
lstrcatA
ExitThread
GetLastError
CopyFileA
SetFileAttributesA
GetModuleFileNameA
CreateMutexA
GetTempPathA
DeleteFileA
CreateThread
lstrcpyA
lstrcmpA
lstrcpynA
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
GetProcessHeap
lstrcmpiA
GlobalFree
GetFileSize
GlobalAlloc
ReadFile
GetTempFileNameA
MapViewOfFile
UnmapViewOfFile
GetCurrentThread
GetWindowsDirectoryA
GetDriveTypeA
GetEnvironmentVariableA
SetThreadPriority
FindFirstFileA
FindClose
CreateFileMappingA
FindNextFileA
SetFilePointer
GetSystemTime
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6e3b514783a341d8f42e9cb8b453eebd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ws2_32

user32

kernel32

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 7KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 7KB