1b9b8a794169a390731ad1be8695de71

Sharing

Copy URL

Twitter E-mail

General

Target

1b9b8a794169a390731ad1be8695de71
Size

305KB
MD5

1b9b8a794169a390731ad1be8695de71
SHA1

172275fcc76e0833ace60cbc4c47a50b69eaa0b9
SHA256

4744812cf50ce34610259483fe0713f6da6803f16b72da24a29ac6485e68e0ff
SHA512

c05fb434104b7782e84dc664504c510d32628bfb5123f0b7d3d3dc257616cb892d3e76bed14cc55de1f4be5a83bdc516667c7fe6c501da83c3bc75e8b57af8b2
SSDEEP

6144:2V1rhrT6XFwPMviz0jinT1G1frl1dnIiXHky71NkQGmsHAM2ckqj:2VDru6Mvize2GJlb5ky71NzGf/2ck

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b9b8a794169a390731ad1be8695de71

Files

1b9b8a794169a390731ad1be8695de71
.exe windows:4 windows x86 arch:x86

c55c63b72d53ef24d858756c10fe13c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memmove
NtDuplicateObject
NtClose
RtlNewSecurityObject
ZwClose
RtlReleasePebLock
NtQueryVolumeInformationFile
NtCompleteConnectPort
NtPowerInformation
RtlImageNtHeader
iswctype
RtlCreateEnvironment

activeds

ord25
ord12
ord21
ord5
ord22
ord3
ord6
ord26
ord27
ord18
ord20
ord7
ord13
ord16
ord17

kernel32

ExitProcess
GetCommTimeouts
DeleteTimerQueue
CreateTimerQueue
FormatMessageW
lstrcmpiA
LCMapStringA
VirtualAlloc
Module32FirstW
GetFileTime
GetDateFormatA
GlobalFree
CopyFileA
GetVersion

msjet40

ord302
ord110
ord148
ord155
ord172
ord113
ord912
ord195
ord112
ord158
ord146
ord106
ord132
ord803
ord187
ord176
ord316
ord171
ord906
ord804

msvcrt

rand
asctime
sinh
strstr
fprintf
__p__commode
_purecall
_putch
tolower
__crtLCMapStringA
__p__fmode
wcsstr
fscanf
_fstati64
ferror
iswascii
_exit
_rotl

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textbs
Size: 74KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 85KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 55KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 62KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c55c63b72d53ef24d858756c10fe13c6

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

activeds

kernel32

msjet40

msvcrt

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 512B - Virtual size: 19KB

.textbs Size: 74KB - Virtual size: 127KB

.data Size: 85KB - Virtual size: 137KB

DATA Size: 55KB - Virtual size: 104KB

.CRT Size: 62KB - Virtual size: 111KB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 512B - Virtual size: 19KB

.textbs
Size: 74KB - Virtual size: 127KB

.data
Size: 85KB - Virtual size: 137KB

DATA
Size: 55KB - Virtual size: 104KB

.CRT
Size: 62KB - Virtual size: 111KB

.rsrc
Size: 19KB - Virtual size: 18KB