e1b017a4eaccb0836fc6530fb04b20aa

Sharing

Copy URL Twitter E-mail

General

Target

e1b017a4eaccb0836fc6530fb04b20aa
Size

489KB
MD5

e1b017a4eaccb0836fc6530fb04b20aa
SHA1

261d551603dcfaa088100554baf8a207c7cbb98c
SHA256

d0c427db7f35f2007df98e92c3581c21d21b4bbd66520c0a8c0291e60371f886
SHA512

673a7984472372fc94c19c35fbbb27924f09c3933451fb9efc58b21f4df60cb47a9843065c39acb79da25b3afed3670ca22924b4f904b54f61ad2a7d9c0a517a
SSDEEP

6144:NSSYuIUu3UggQDRc/0o9HkjXr67uv+/AYZCUXAxKpI+jJfXny790Dpsm5uL31vRj:NSSRuwt0o9H+XgCQ1ypY9oL3Bm3+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1b017a4eaccb0836fc6530fb04b20aa

Files

e1b017a4eaccb0836fc6530fb04b20aa
.exe windows:4 windows x86 arch:x86

0fe6cff1dd01eba81ab2436c15e05fc7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHInvokePrinterCommandA
RealShellExecuteW

comdlg32

PrintDlgW
GetOpenFileNameA

wininet

InternetGetConnectedStateExW
IsHostInProxyBypassList
InternetSetOptionExW
InternetGetConnectedStateExA
InternetHangUp
GetUrlCacheEntryInfoExW
InternetSecurityProtocolToStringW
LoadUrlCacheContent

kernel32

GetCurrentProcessId
CompareStringA
GetLocalTime
OpenMutexA
UnhandledExceptionFilter
EnumSystemCodePagesW
TlsGetValue
GetCommandLineA
FlushFileBuffers
GetACP
TlsFree
WriteFile
CreateMutexA
GetStringTypeW
GetConsoleTitleA
GetEnvironmentStringsW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
GetVersionExA
HeapReAlloc
CloseHandle
ExitProcess
MultiByteToWideChar
TlsSetValue
SetConsoleTitleW
GetLocaleInfoW
ReadConsoleInputW
GetLocaleInfoA
TerminateProcess
VirtualProtect
GetUserDefaultLCID
SetFilePointer
GetCurrentThread
GetEnvironmentStrings
GetModuleFileNameA
VirtualAlloc
InterlockedExchange
VirtualFree
GetStartupInfoA
SetLastError
GetFileType
GetSystemInfo
LoadLibraryA
VirtualQuery
HeapFree
GetStringTypeA
EnterCriticalSection
EnumSystemLocalesA
WideCharToMultiByte
GetModuleHandleA
GetProcAddress
LocalCompact
SetEnvironmentVariableA
GetOEMCP
DeleteCriticalSection
GetCurrentProcess
WritePrivateProfileStructA
LCMapStringW
HeapCreate
LocalReAlloc
InitializeCriticalSection
QueryPerformanceCounter
lstrcpynW
HeapAlloc
GetDateFormatA
LeaveCriticalSection
LCMapStringA
RtlUnwind
HeapValidate
SetStdHandle
WriteConsoleA
GetTimeFormatA
TlsAlloc
GetDriveTypeA
GetTickCount
IsValidLocale
MoveFileExA
IsBadWritePtr
GetLastError
EnumCalendarInfoW
IsValidCodePage
GetCPInfo
HeapSize
CreateEventA
ReadFile
FreeEnvironmentStringsW
HeapDestroy
GetFullPathNameW
SetHandleCount
GetStdHandle
GetCurrentThreadId
CompareStringW
lstrcpyn

user32

DdeUninitialize
RegisterClassA
ActivateKeyboardLayout
SetFocus
RegisterClassExA
RegisterDeviceNotificationA
ReplyMessage

advapi32

RegQueryValueExA

comctl32

InitCommonControlsEx

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fe6cff1dd01eba81ab2436c15e05fc7

Headers

File Characteristics

Imports

shell32

comdlg32

wininet

kernel32

user32

advapi32

comctl32

Sections

.text Size: 159KB - Virtual size: 158KB

.rdata Size: 8KB - Virtual size: 15KB

.data Size: 310KB - Virtual size: 310KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 159KB - Virtual size: 158KB

.rdata
Size: 8KB - Virtual size: 15KB

.data
Size: 310KB - Virtual size: 310KB

.rsrc
Size: 10KB - Virtual size: 9KB