1cb50af8c9440e2315930439b8025ddb

Sharing

Copy URL Twitter E-mail

General

Target

1cb50af8c9440e2315930439b8025ddb
Size

255KB
MD5

1cb50af8c9440e2315930439b8025ddb
SHA1

df68414a187336d4e3f6fabd049c53dd0ab1ee43
SHA256

e5c5c21dffb809e950908a543d320824caa4192d97be702826073d4014163d99
SHA512

288ef0787c9282f2a7b46c550b70d9c39674823dd8461cf691328ace7ad01d8de7bb5f2269b3578a0468aeae9ecfd27c30c4019524981ced31b3530a401b35fe
SSDEEP

6144:dYp8Myga3gSThv1kEOx9BGTmduQwX9/muu:88MqQs7OyTquNXU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1cb50af8c9440e2315930439b8025ddb

Files

1cb50af8c9440e2315930439b8025ddb
.exe windows:0 windows x86 arch:x86

09f14aebeae1e11fbb5a9d99105140dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
lstrlenW
SetThreadExecutionState
CreateEventW
GetProcAddress
SetWaitableTimer
HeapFree
LoadLibraryW
CancelWaitableTimer
WaitForMultipleObjects
VirtualFree
WaitForMultipleObjectsEx
GetStdHandle
SetPriorityClass
UnmapViewOfFile
InterlockedIncrement
VerSetConditionMask
GlobalDeleteAtom
GetCurrentProcess
LeaveCriticalSection
SetProcessShutdownParameters
CancelIo
InterlockedDecrement
VirtualAlloc
SetProcessShutdownParameters
CreateWaitableTimerW
GetTickCount
ReleaseMutex
GetProcessHeap
InitializeCriticalSection
QueryPerformanceCounter
OpenProcess
VerifyVersionInfoW
GetCurrentThreadId
lstrcpyW
CompareStringW
ResetEvent
GetCommandLineW
MulDiv
GetTickCount

hid

HidD_FreePreparsedData
HidD_GetHidGuid
HidP_GetSpecificButtonCaps
HidP_GetUsages
HidP_MaxUsageListLength
HidD_GetPreparsedData
HidP_GetCaps

atl

ord57
ord44
ord16
ord18
ord23
ord32
ord20
ord45
ord58
ord43

msvcrt

_exit
__p__commode
wcstol
_controlfp
__setusermatherr
_c_exit
_itow
_beginthreadex
_initterm
_except_handler3
__p__fmode
free
wcsstr
_onexit
_wcmdln
wcscpy
__set_app_type
_CxxThrowException
wcscmp
??2@YAPAXI@Z
_adjust_fdiv
__dllonexit
_ftol
fputws
wcslen
swscanf
malloc
_wcsicmp

setupapi

SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey

user32

SetWindowLongW
EnumDisplaySettingsW
SetWindowsHookExW
WindowFromPoint
DispatchMessageW
GetDoubleClickTime
PostMessageW
GetMessageW
ClientToScreen
GetWindowLongW
GetDC
CharNextW
MoveWindow
UpdateLayeredWindow
RegisterWindowMessageW
EnumDisplayMonitors
SetCursorPos
GetPropW
SetThreadDesktop
GetSysColorBrush
GetDesktopWindow
UnhookWindowsHookEx
GetThreadDesktop
UnregisterDeviceNotification

ole32

CoCreateInstance

gdi32

GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC

advapi32

RegOpenKeyExA
CopySid
RegOpenKeyW
RegOpenKeyExW
OpenProcessToken
SetSecurityDescriptorOwner
RegQueryValueExW
RegSetValueW
InitializeSecurityDescriptor
RegDeleteKeyW
RegCreateKeyW
RegEnumKeyW
RegCreateKeyExW
RegCloseKey

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09f14aebeae1e11fbb5a9d99105140dc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

hid

atl

msvcrt

setupapi

user32

ole32

gdi32

advapi32

Sections

.text Size: 212KB - Virtual size: 212KB

.data Size: 35KB - Virtual size: 34KB

.rsrc Size: 7KB - Virtual size: 536KB

.text
Size: 212KB - Virtual size: 212KB

.data
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 7KB - Virtual size: 536KB