1bc75832d1b095dccce467ff71d1aee4

Sharing

Copy URL Twitter E-mail

General

Target

1bc75832d1b095dccce467ff71d1aee4
Size

600KB
MD5

1bc75832d1b095dccce467ff71d1aee4
SHA1

78992aa2c2f015d4e927ca973107e3e7303c65a8
SHA256

20334646d428f20d89e4f0bd3b52fb97b5810b4bebd500f2dd744b82b61a35f1
SHA512

12c467e7254f54d652ef2f36d7a2c441381fc12f091b6ff68adf9dd04ae9f3e40e2310a7380f9f1026d47d93a7f06a7c35b4f8e23d81f6193dd28fad48499cda
SSDEEP

12288:GTR5HzY3Vn0WdWMI93ynMI92F8S/cgz87VJmVKZdUIvR:QRKmWMzPHLKZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bc75832d1b095dccce467ff71d1aee4

Files

1bc75832d1b095dccce467ff71d1aee4
.exe windows:4 windows x86 arch:x86

3a2a23001778b6a9bbed947656740b81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
GetStartupInfoA
FindResourceA
LocalReAlloc
GetLocaleInfoA
CreateFileA
HeapAlloc
SetLastError
MultiByteToWideChar
IsBadReadPtr
RaiseException
TlsSetValue
CompareStringW
GetACP
TlsGetValue
LoadLibraryW
TlsAlloc
GetModuleHandleW
GetOEMCP
OpenFile
LCMapStringA
GetConsoleMode
GetProcessHeap
GetConsoleOutputCP
CompareStringA
GetStringTypeW
OutputDebugStringW
GetModuleFileNameW
GetProcAddress
DeleteCriticalSection
GetLocaleInfoW
SetFilePointer
GetVersionExA
GetConsoleCP
GetAtomNameA
GetTimeFormatA
VirtualQuery
InterlockedIncrement
SetEnvironmentVariableA
IsValidCodePage
FreeLibrary
GetUserDefaultLCID
OutputDebugStringA
GetLastError
HeapReAlloc
InterlockedDecrement
ExitProcess
DebugBreak
VirtualFree
VirtualAlloc
SetHandleCount
QueryPerformanceCounter
GetCurrentProcess
HeapSize
GetModuleHandleA
GetEnvironmentStrings
HeapCreate
HeapDestroy
lstrlenA
IsValidLocale
SetUnhandledExceptionFilter
GetCommandLineA
GetEnvironmentStringsW
WriteConsoleA
TlsFree
WriteFile
GetCPInfo
WaitForDebugEvent
GetTickCount
GetStringTypeA
WriteConsoleW
GetDateFormatA
LCMapStringW
IsDebuggerPresent
RtlUnwind
GetCurrentThread
GetSystemTimeAsFileTime
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
EnumSystemLocalesA
EnterCriticalSection
GetFileType
Sleep
GetStdHandle
GetTimeZoneInformation
HeapFree
TerminateProcess
LoadLibraryA
GetSystemDirectoryW
SetConsoleCtrlHandler
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetModuleFileNameA
LeaveCriticalSection
SystemTimeToTzSpecificLocalTime
SetStdHandle
CloseHandle
InterlockedExchange
GetCurrentProcessId
FlushFileBuffers
HeapValidate
GetCurrentThreadId

comdlg32

GetSaveFileNameW

advapi32

RegOpenKeyExA
RegQueryValueA
RegRestoreKeyA
RegDeleteValueA
CryptSetProviderExA
CryptReleaseContext
CryptDuplicateKey
CryptSignHashW
GetUserNameW
RegEnumKeyA
RegCreateKeyExW
RegConnectRegistryW
LookupSecurityDescriptorPartsW
RegSaveKeyW

wininet

CreateUrlCacheContainerA
InternetLockRequestFile
GetUrlCacheEntryInfoExA
GopherCreateLocatorA
RetrieveUrlCacheEntryStreamA
InternetErrorDlg
InternetUnlockRequestFile
FindNextUrlCacheContainerA
IncrementUrlCacheHeaderData
UnlockUrlCacheEntryFile
DeleteUrlCacheGroup
UnlockUrlCacheEntryFileA
FindFirstUrlCacheEntryExW
SetUrlCacheConfigInfoA
InternetSetDialStateA
DeleteUrlCacheContainerW
DeleteUrlCacheEntryW
InternetSetOptionW
GetUrlCacheEntryInfoA
FindFirstUrlCacheContainerA
SetUrlCacheGroupAttributeW

Sections

.text
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a2a23001778b6a9bbed947656740b81

Headers

File Characteristics

Imports

kernel32

comdlg32

advapi32

wininet

Sections

.text Size: 273KB - Virtual size: 273KB

.data Size: 314KB - Virtual size: 324KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 273KB - Virtual size: 273KB

.data
Size: 314KB - Virtual size: 324KB

.rsrc
Size: 11KB - Virtual size: 10KB