1bd2b018dfc64396abbce7eb8639729b

General

Target

1bd2b018dfc64396abbce7eb8639729b
Size

25KB
MD5

1bd2b018dfc64396abbce7eb8639729b
SHA1

1fe6c6263c6c05a222d8062e161cfce72dbe9436
SHA256

25edc5648fbb89bdb182754ca4fa0bb9006372ca2e4316b1da11b880e093ca62
SHA512

d62dccdf60c7e678341875910d0ca80e2e9b3fbf9d48b42a32570a21f262f69de3dcb88301aab7cba3ab2acdb3e57d4e0765a0fa44b703c30a3cf15609419239
SSDEEP

384:QfNWkCBkXzidpwrLy//ha3teIWwCDE67OS+UAUbaIVXSIPaWw3BW6cPp:ANWkCB7bwehad/WwCDV8SVXzPuBkp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bd2b018dfc64396abbce7eb8639729b

Files

1bd2b018dfc64396abbce7eb8639729b
.dll windows:4 windows x86 arch:x86

dad3e32f5edd57f197ad3a8b5b278262

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CreateMutexA
GetCurrentProcessId
CreateThread
GetProcAddress
VirtualAlloc
ReadProcessMemory
GlobalLock
GlobalAlloc
CreateProcessA
GetModuleFileNameA
GetPrivateProfileStringA
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalUnlock
IsBadReadPtr
SetFilePointer
InitializeCriticalSection
VirtualProtectEx
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
SetThreadContext
OpenThread
SetUnhandledExceptionFilter
GetCommandLineA
GetCurrentThreadId
ReadFile
DeleteFileA
GetTempPathA
CreateFileA
WriteFile
CloseHandle
VirtualProtect
GetModuleHandleA
GetCurrentProcess
TerminateProcess
TerminateThread
ExitProcess
Sleep

user32

SetWindowsHookExA
GetWindowThreadProcessId
FindWindowA
CallNextHookEx
GetWindowTextA

msvcrt

_strupr
_stricmp
_strlwr
_strcmpi
__CxxFrameHandler
strcpy
sprintf
strlen
memcpy
strcat
memset
??2@YAPAXI@Z
atoi
??3@YAXPAX@Z
strstr
strncpy
strchr
fclose
fread
fopen
strcmp
wcslen
strrchr

Exports

Exports

kkk
lll

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dad3e32f5edd57f197ad3a8b5b278262

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 13KB

sdt Size: 512B - Virtual size: 4B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 13KB

sdt
Size: 512B - Virtual size: 4B

.reloc
Size: 3KB - Virtual size: 2KB