1ccad4cd3bb585061c9b503d0f0e9e49

Sharing

Copy URL Twitter E-mail

General

Target

1ccad4cd3bb585061c9b503d0f0e9e49
Size

31KB
MD5

1ccad4cd3bb585061c9b503d0f0e9e49
SHA1

d70c8eb2205208cc506fcaa28896fac9258290f7
SHA256

060a708428c009a75bb0eda75d0d62f7e8b2f18e95536081f7ee52d56c777209
SHA512

062b6e1079b7d395aa79614eab05297bee24778a488bdada0476751801874224dc7f5c541a6cde064606207568d2b531d6b6687a8ef4340e18360c6ef775d5d7
SSDEEP

768:Ml2NBPp9wWTfvIJsGsQE/cutuJemNqJ6DS7LEiYNESIVSFRC4v:c2bPp9LvIJ9s1UutusmNqJnEiYNESIVw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ccad4cd3bb585061c9b503d0f0e9e49

Files

1ccad4cd3bb585061c9b503d0f0e9e49
.exe windows:4 windows x86 arch:x86

433bb7c1c176e41f514304390720e8db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupIterateCabinetW

advapi32

RegOpenKeyExA
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegCloseKey
RegOpenKeyW
RegSetValueExA
RegCreateKeyExW
RegSetKeySecurity
RegQueryInfoKeyW
GetSecurityDescriptorDacl
RegFlushKey
RegCreateKeyExA
RegQueryValueExA
SetNamedSecurityInfoW

version

GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA

user32

GetForegroundWindow

kernel32

UnmapViewOfFile
FlushFileBuffers
DosDateTimeToFileTime
ReadFile
SetFileAttributesA
GetWindowsDirectoryW
QueryPerformanceCounter
SetEndOfFile
CreateEventW
UnhandledExceptionFilter
GetLastError
CopyFileA
CreateFileA
GetProcessHeap
GetCurrentProcessId
DeleteFileW
FileTimeToSystemTime
DeleteCriticalSection
WideCharToMultiByte
TlsSetValue
SystemTimeToFileTime
MultiByteToWideChar
GetSystemDirectoryA
GetSystemTimeAsFileTime
WaitForSingleObject
HeapReAlloc
GetModuleFileNameA
DeviceIoControl
GetCurrentThreadId
MapViewOfFile
GetFileAttributesA
GetModuleHandleA
VirtualAlloc
SetErrorMode
CreateFileW
UnlockFileEx
InterlockedCompareExchange
CloseHandle
GetFileSize
InterlockedDecrement
GetModuleHandleW
LeaveCriticalSection
LockFileEx
GetTempFileNameW
InterlockedIncrement
GetVersionExW
CopyFileW
MoveFileW
VirtualProtect
InitializeCriticalSection
CreateSemaphoreA
VirtualFree
GetTickCount
SetEvent
FreeEnvironmentStringsA
FindNextFileW
MoveFileExW
CreateFileMappingA
TlsGetValue
TlsAlloc
SetLastError
Beep
LocalFree
SetFilePointer
CreateDirectoryW
EnterCriticalSection
SetFileAttributesW
SetUnhandledExceptionFilter
GetTimeZoneInformation
ReleaseSemaphore
TlsFree
InterlockedExchange
lstrlenA
GetFileAttributesW
lstrlenW
FreeEnvironmentStringsW
LocalFileTimeToFileTime
GetLocalTime
GetUserDefaultLCID
GetSystemTime
LoadLibraryExA
GetCurrentProcess
TerminateProcess
InitializeCriticalSectionAndSpinCount
CreateEventA
RemoveDirectoryW
GetDiskFreeSpaceA
IsBadReadPtr
GetVersionExA
SetFileTime
GetProcAddress
GetUserDefaultLangID
FindFirstFileW
GlobalMemoryStatus
CreateFileMappingW
Sleep
ExitProcess
GetEnvironmentStringsW
LocalAlloc
HeapFree
LoadLibraryExW
WriteFile
GetWindowsDirectoryA
HeapAlloc
GetEnvironmentStrings
GetVersion
FreeLibrary
GetModuleFileNameW
GetTempPathW
FindClose
LoadLibraryA

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAddCatalog
CryptCATAdminAcquireContext

Sections

.text
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

433bb7c1c176e41f514304390720e8db

Headers

File Characteristics

Imports

setupapi

advapi32

version

user32

kernel32

wintrust

Sections

.text Size: 512B - Virtual size: 396B

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 2KB - Virtual size: 144KB

.rsrc Size: 2KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 4KB

.text
Size: 512B - Virtual size: 396B

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 2KB - Virtual size: 144KB

.rsrc
Size: 2KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 4KB