1c1f5b83bf77baee9b49866e1af1b4e5

Sharing

Copy URL Twitter E-mail

General

Target

1c1f5b83bf77baee9b49866e1af1b4e5
Size

478KB
MD5

1c1f5b83bf77baee9b49866e1af1b4e5
SHA1

e92f8a50ef7de825c808cfe39dbaf5e4ddfa64ff
SHA256

44fafd0ea8f1605395b7e2c428ce7874fab492bd242d9d1b9b2184f0fc47ef32
SHA512

d25a8c2dfc84a3e166c131c4f2794dc82cb742854951799c74f3ff94c16c6e8e9fa2ce032c6bb3208351b4c3f38240f4bfdac426cb036ef713b7ea7cd8d78060
SSDEEP

12288:zOwSUq9iPBdr2CKyKgQZO+irTmrz8qhDLsGykET5b8cej:z9tq9iWCKzy3Ez8aLY5b6j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c1f5b83bf77baee9b49866e1af1b4e5

Files

1c1f5b83bf77baee9b49866e1af1b4e5
.exe windows:4 windows x86 arch:x86

d8e4479a5eeefa54d5242e6acd5645be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
GetCPInfo
SetConsoleCtrlHandler
FreeEnvironmentStringsA
RtlUnwind
InitializeCriticalSection
FlushFileBuffers
GetCurrentProcess
GetUserDefaultLCID
VirtualAlloc
SetHandleCount
MultiByteToWideChar
HeapReAlloc
GetStringTypeW
GetCurrentDirectoryW
GetStringTypeA
GetEnvironmentStringsW
SetFilePointer
GetModuleFileNameA
GetLastError
HeapValidate
ExitProcess
GetOEMCP
HeapDestroy
IsBadReadPtr
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetVersionExA
GetEnvironmentStrings
IsValidLocale
QueryPerformanceCounter
WideCharToMultiByte
TlsFree
DebugBreak
TlsAlloc
VirtualFree
GetDateFormatA
HeapAlloc
GetTimeFormatA
HeapFree
DeleteCriticalSection
SetLastError
GetCurrentProcessId
EnumSystemLocalesA
InterlockedDecrement
HeapCreate
TlsSetValue
IsValidCodePage
GetCurrentThread
GetStartupInfoA
InterlockedIncrement
GetFileType
LeaveCriticalSection
TlsGetValue
CloseHandle
FreeEnvironmentStringsW
GetModuleHandleA
GlobalGetAtomNameA
GetLocaleInfoW
EnterCriticalSection
DosDateTimeToFileTime
SetStdHandle
CompareStringW
CompareStringA
GetCommandLineA
IsBadWritePtr
GetProcAddress
GetStdHandle
GetSystemInfo
GetACP
OutputDebugStringA
InterlockedExchange
LCMapStringA
WriteFile
GetTimeZoneInformation
VirtualQuery
VirtualProtect
UnhandledExceptionFilter
GetFileTime
SetEnvironmentVariableA
GetCurrentThreadId
LCMapStringW
ReadConsoleW
TerminateProcess

advapi32

LookupSecurityDescriptorPartsA

shell32

SheChangeDirExW
ShellHookProc
SHBrowseForFolderA
SHUpdateRecycleBinIcon
SheGetDirA
SHGetSettings
SHEmptyRecycleBinA
ShellExecuteEx
SHGetSpecialFolderPathW
SHGetFileInfoW
DragQueryFileAorW
SHFreeNameMappings
SHAppBarMessage
SHGetMalloc
ExtractAssociatedIconExW
CommandLineToArgvW
SHBrowseForFolder
SHFormatDrive
ExtractAssociatedIconExA

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8e4479a5eeefa54d5242e6acd5645be

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

Sections

.text Size: 181KB - Virtual size: 181KB

.data Size: 281KB - Virtual size: 281KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 181KB - Virtual size: 181KB

.data
Size: 281KB - Virtual size: 281KB

.rsrc
Size: 14KB - Virtual size: 14KB