c1b2e36e35184138353de141dfb5f6e2

General

Target

c1b2e36e35184138353de141dfb5f6e2
Size

27KB
MD5

c1b2e36e35184138353de141dfb5f6e2
SHA1

47214a01bc40854963357076a9590f0ba4f0cf83
SHA256

bdb0f83157b53055b36e756245ebe3b26ecb5c7bad3f5c6cb4ed1e95d4badb7c
SHA512

406168694911551fc9fde760b83151a9ec7c6b078f43bab59a0e162ab44cc7d39cb1293c97945fee40f3fc768688da21ca17363e15d03ed94fea23bf16e4b36c
SSDEEP

768:WtTV/83Vp5pv8lQvJ7tlWSTxqWTnvX33tWvQy/8k:WtTV/8P5ksVxlAvQEt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1b2e36e35184138353de141dfb5f6e2

Files

c1b2e36e35184138353de141dfb5f6e2
.exe windows:1 windows x86 arch:x86

860701bd80ac40babc72e489192171e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LocalAlloc
GetCurrentProcess
ExitThread
SetFilePointer
ResetEvent
ReadFile
CreateMutexA
LocalFree
GetModuleFileNameA
SetPriorityClass
SetEndOfFile
GetModuleHandleA
RegisterServiceProcess
GetPrivateProfileStringA
GetProcAddress
ExitProcess
CopyFileA
LocalReAlloc
CreateProcessA
CloseHandle
WaitForSingleObject
Sleep
CreateThread
CreateFileA
GetLastError
SetCurrentDirectoryA
DeleteFileA
GetFileSize
WriteFile
WritePrivateProfileStringA
lstrcat
lstrcmpi
lstrlen
GetWindowsDirectoryA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey

user32

PeekMessageA
DispatchMessageA
TranslateMessage

ws2_32

socket
send
recvfrom
recv
inet_addr
gethostname
gethostbyname
connect
closesocket
bind
WSAStartup
sendto
WSAGetLastError
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent

Sections

CODE
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DUPATOR!
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

860701bd80ac40babc72e489192171e0

Headers

File Characteristics

Imports

kernel32

advapi32

user32

ws2_32

Sections

CODE Size: 15KB - Virtual size: 16KB

DATA Size: 4KB - Virtual size: 12KB

.idata Size: 2KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 24KB

DUPATOR! Size: 1KB - Virtual size: 4KB

CODE
Size: 15KB - Virtual size: 16KB

DATA
Size: 4KB - Virtual size: 12KB

.idata
Size: 2KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 24KB

DUPATOR!
Size: 1KB - Virtual size: 4KB