1ca4836cdfb5ac9a57cac35a0de799f2

Sharing

Copy URL Twitter E-mail

General

Target

1ca4836cdfb5ac9a57cac35a0de799f2
Size

39KB
MD5

1ca4836cdfb5ac9a57cac35a0de799f2
SHA1

c89e1f0ae2767ca16a9163e533fc797e393b0d6c
SHA256

9419256330aafe3920c5bd3adf3df2314459d61945a0eedc8d81875cc7f44944
SHA512

2786655404f9cb67eeabae7d9a4cc3f062b0e6026c6892072833fdf0ee39007c89fb0d5f420385372599a184acb33156f57088dc6de4e4e468970676e162dac2
SSDEEP

768:4DzYNgxWST/t7FAJI8lS2u6NiHwqhG/MdpelYCX0FvM/Ki:4DzMST/t7aPoHthG0beZgvM/Ki

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ca4836cdfb5ac9a57cac35a0de799f2

Files

1ca4836cdfb5ac9a57cac35a0de799f2
.dll windows:4 windows x86 arch:x86

9176e16336d8a89fcc33fcc2579b5763

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

ws2_32

listen

user32

IsWindow

ole32

CreateStreamOnHGlobal

gdi32

BitBlt

shlwapi

StrChrA

shell32

ShellExecuteA

psapi

GetModuleFileNameExA

avicap32

capCreateCaptureWindowA

winmm

waveInStop

advapi32

RegCloseKey

msvcrt

free

imm32

ImmGetContext

Exports

Exports

Qy001DoMainWSSK
222222222222
ServiceMain

Sections

.guoc
Size: 24KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocy
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guof
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

guocy
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gyuio
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rtfgyh
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.guocyok
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9176e16336d8a89fcc33fcc2579b5763

Headers

File Characteristics

Imports

kernel32

ws2_32

user32

ole32

gdi32

shlwapi

shell32

psapi

avicap32

winmm

advapi32

msvcrt

imm32

Exports

Exports

Sections

.guoc Size: 24KB - Virtual size: 66KB

.guocy Size: 1024B - Virtual size: 6KB

.guof Size: 1024B - Virtual size: 2KB

guocy Size: - Virtual size: 4KB

.gyuio Size: 3KB - Virtual size: 3KB

.rsrc Size: - Virtual size: 4KB

.rtfgyh Size: 2KB - Virtual size: 3KB

.guocyok Size: 7KB - Virtual size: 4KB

.guoc
Size: 24KB - Virtual size: 66KB

.guocy
Size: 1024B - Virtual size: 6KB

.guof
Size: 1024B - Virtual size: 2KB

guocy
Size: - Virtual size: 4KB

.gyuio
Size: 3KB - Virtual size: 3KB

.rsrc
Size: - Virtual size: 4KB

.rtfgyh
Size: 2KB - Virtual size: 3KB

.guocyok
Size: 7KB - Virtual size: 4KB