e1b7e5b7891f7ab9bf3b3b4c6c6204d5

Sharing

Copy URL Twitter E-mail

General

Target

e1b7e5b7891f7ab9bf3b3b4c6c6204d5
Size

64KB
MD5

e1b7e5b7891f7ab9bf3b3b4c6c6204d5
SHA1

f851f0130a63ddb2bb15b55d65e6492280114ec9
SHA256

644e01c87a70a177fda35fe12ede143c947a4fb88ba9d8dd5bd5ab9659e865d2
SHA512

f94370585b03e49344de3d458832c371aea3e46b487d77ae8c0212776387b7872a52ca050727a2ae5dadd3caa1cc2dfb3885ab2b09bd69a306109a07b0a42c0d
SSDEEP

768:kPvM+Zy7KXcoTAIRJwbfIRgouEtySCdatVz+RV/FsQfH9S7i8tWCupoV1tsD9WO3:kXM+OKoIRCfI1MatVzCsQ/Mycng

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1b7e5b7891f7ab9bf3b3b4c6c6204d5

Files

e1b7e5b7891f7ab9bf3b3b4c6c6204d5
.exe windows:4 windows x86 arch:x86

53a76c96dbb247e7e0a7ceea5a54abfc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
sscanf
rand
fopen
printf
fseek
ftell
fgetc
fread
fclose
memcpy
time
strlen
strcat
strcpy
atoi
strstr
memset
sprintf
strcmp

kernel32

GetStartupInfoA
GetModuleHandleA
OpenProcess
TerminateProcess
GetVersionExA
WriteFile
GetComputerNameA
FreeLibrary
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrlenA
WinExec
DeleteFileA
CreateFileA
GetFileSize
Process32Next
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
CreateThread
Sleep
CopyFileA
CloseHandle
GetSystemDirectoryA
CreateDirectoryA

user32

wsprintfA
CharUpperA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyA
GetTokenInformation
LookupAccountSidA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenServiceA
QueryServiceStatus
ControlService
RegDeleteValueA
CloseServiceHandle
OpenSCManagerA
DeleteService

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoCreateGuid

shlwapi

PathFileExistsA

Exports

Exports

?Dll2Main@@YGHPAUHINSTANCE__@@KPAX@Z

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53a76c96dbb247e7e0a7ceea5a54abfc

Headers

File Characteristics

Imports

urlmon

wininet

msvcrt

kernel32

user32

advapi32

shell32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 24KB

.rsrc Size: 32KB - Virtual size: 30KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 24KB

.rsrc
Size: 32KB - Virtual size: 30KB