Static task: static1
Behavioral task: behavioral1
Sample: 1ca34c1bad38270366671a353b65529a.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 1ca34c1bad38270366671a353b65529a.exe
Resource: win10v2004-20231215-en
General
Target: 1ca34c1bad38270366671a353b65529a
Size: 255KB
MD5: 1ca34c1bad38270366671a353b65529a
SHA1: 7d8978efe6626181af9e8153bc19d6d26fe4cd2f
SHA256: 4f6b61ff78c758dedfed47a93f86bd209e0fee02e33d3f606abc42fb0ce30781
SHA512: bac46113584963b1cd1d4ca02a1f645a4aa11e9073b0df885314ac1209c128fa54166067cf491302e740ef37ccd38952bfa45647ef9cb5af5504bd81b7a181c5
SSDEEP: 3072:VPJih0SLO6eue1Hr4rhY1jRXWFW+rFDnyFr4Y/dv7RH5/FBjj/j33636gSI7VqNu:D0erX1t2hwLPj/jHWRSI7VqNcmt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1ca34c1bad38270366671a353b65529a
Files
1ca34c1bad38270366671a353b65529a.exe windows:4 windows x86 arch:x86
0f1edbd4f6cd60338b07763fe8856eaa
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLocaleInfoW
GetCommandLineA
SetUnhandledExceptionFilter
FreeLibrary
RtlUnwind
InterlockedIncrement
FreeEnvironmentStringsW
GetCurrentProcess
HeapCreate
VirtualAlloc
TlsFree
SetHandleCount
HeapReAlloc
GetStringTypeW
DeleteCriticalSection
GetStringTypeA
GetFileType
TlsAlloc
GetModuleFileNameA
GetLocaleInfoA
InterlockedDecrement
ExitProcess
GetOEMCP
InitializeCriticalSectionAndSpinCount
IsValidLocale
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
HeapDestroy
GetEnvironmentStringsW
LeaveCriticalSection
QueryPerformanceCounter
GetMailslotInfo
VirtualFree
EnterCriticalSection
UnhandledExceptionFilter
GetCurrentThreadId
GetEnvironmentStrings
HeapAlloc
GetTimeZoneInformation
HeapFree
ContinueDebugEvent
TlsGetValue
GetCurrentProcessId
FreeEnvironmentStringsA
IsDebuggerPresent
HeapSize
WriteFile
LCMapStringW
GetDateFormatA
GetStartupInfoA
IsValidCodePage
GetLastError
SetEnvironmentVariableA
WideCharToMultiByte
WaitForDebugEvent
GetACP
GetModuleHandleA
GetEnvironmentVariableW
GetModuleHandleW
EnumSystemLocalesA
GetNumberFormatW
TlsSetValue
CompareStringW
CompareStringA
GetCurrentThread
LCMapStringA
GetProcAddress
GetStdHandle
GetTimeFormatA
GetCPInfo
SetLastError
InterlockedExchange
MultiByteToWideChar
TerminateProcess
GetUserDefaultLCID
VirtualQuery
SetConsoleCtrlHandler
Sleep
lstrcpynA
advapi32
CryptSetProviderExW
CryptSignHashW
CryptDuplicateHash
CryptSetProviderW
RegQueryMultipleValuesW
CryptVerifySignatureW
CryptDuplicateKey
CryptDestroyHash
RegQueryInfoKeyA
RegQueryMultipleValuesA
shell32
SHQueryRecycleBinW
CheckEscapesW
DuplicateIcon
SHGetSettings
SHGetDesktopFolder
ShellExecuteExW
ShellAboutW
RealShellExecuteExW
ShellExecuteEx
SHGetDataFromIDListA
ShellAboutA
CommandLineToArgvW
SHChangeNotify
DragQueryFile
SHGetFileInfoA
SHEmptyRecycleBinW
SHFileOperation
FindExecutableW
DragAcceptFiles
SHAppBarMessage
DoEnvironmentSubstA
Sections
.text Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 137KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ