1c2faa9c13a96fbad4b5d6611193bf03

General

Target

1c2faa9c13a96fbad4b5d6611193bf03
Size

28KB
MD5

1c2faa9c13a96fbad4b5d6611193bf03
SHA1

606cee90e1cfd2588c40d18bdd2f489848823746
SHA256

586a1c81a24d33c4d6927feaa31d7060b0e053048b55e8ef80eba0c30b723417
SHA512

eb5986e4c2daa339e8c4a88aa52301c5872e2e159a674581bec6c3be8cdbc69c5734813bca749d6efdc7886ba50e3cf59fb83e4f3b41a32b6405fc0268ddef8e
SSDEEP

384:W1MTg4ve1MMGZgUigQ0d+YDVvexdr2fMT5tE5I4I:WCTz2CMGOUi4dnvff056hI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c2faa9c13a96fbad4b5d6611193bf03

Files

1c2faa9c13a96fbad4b5d6611193bf03
.dll windows:4 windows x86 arch:x86

3408060669cc52ce2cf1531fc0b57d92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
WaitForSingleObject
WriteFile
CreateFileA
LoadResource
SizeofResource
FindResourceA
lstrlenA
GetSystemDirectoryA
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcessId
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
FindClose
CreateMutexA
lstrcpynA
lstrcpyA
lstrcmpA
FindFirstFileA
SetFileTime
GetFileTime
CreateThread
ReleaseMutex
FreeLibrary
CreateEventA
GetLastError
SetEvent
CloseHandle
DeleteFileA
Sleep
CopyFileA
FindNextFileA
GetModuleFileNameA

user32

UnhookWindowsHookEx
SendMessageA
EnumWindows
GetWindowThreadProcessId
wsprintfA
SetWindowsHookExA
CallNextHookEx
RegisterWindowMessageA

advapi32

RegSetValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shlwapi

PathFileExistsA
StrStrIA

Exports

Exports

CoGetComCatalog
GetRPCSSInfo
INS
ServiceMain
WhichService

Sections

.bss
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 858B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3408060669cc52ce2cf1531fc0b57d92

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

Exports

Exports

Sections

.bss Size: - Virtual size: 65KB

.data Size: 7KB - Virtual size: 7KB

.shared Size: 1024B - Virtual size: 532B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 1024B - Virtual size: 858B

.bss
Size: - Virtual size: 65KB

.data
Size: 7KB - Virtual size: 7KB

.shared
Size: 1024B - Virtual size: 532B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 1024B - Virtual size: 858B