SearchProtocolHost.pdb
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 1f1c0d7beab592000210dd54c34242d0bd84daa7ec72b51522eb1700c6658a48.exe
  Resource: win7-20240319-en
- Behavioral task: behavioral2
  Sample: 1f1c0d7beab592000210dd54c34242d0bd84daa7ec72b51522eb1700c6658a48.exe
  Resource: win10v2004-20240412-en
General
- Target: 1f1c0d7beab592000210dd54c34242d0bd84daa7ec72b51522eb1700c6658a48
- Size: 186KB
- MD5: f4f3a6c8e5704cc1355e0fa65e003a03
- SHA1: c1a780c8a640924257f08fd000cf3d6b4c78c2d2
- SHA256: 1f1c0d7beab592000210dd54c34242d0bd84daa7ec72b51522eb1700c6658a48
- SHA512: c5685f93394695e623fdad8abcee1872f57efcbedd9008c5a92fe8620c1e316be07c8f4095e9cb718919eba89f9de6e8ce874f93704cdb4d53ddd82576c106cb
- SSDEEP: 3072:5plUs/k/1wOungmXoLqRgIgUmLPWDBREmTUMsZua5vSbTDjHMgPA6UW/S8ha46On:5plUs/k/1Eg0cqeIoLP4BYZua5vS31P/
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 1f1c0d7beab592000210dd54c34242d0bd84daa7ec72b51522eb1700c6658a48
Files
-
1f1c0d7beab592000210dd54c34242d0bd84daa7ec72b51522eb1700c6658a48.exe windows:6 windows x86 arch:x86
c30badcf6b52b7416c03e5265f74289a
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
CopySid
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
InitializeAcl
EventRegister
EventUnregister
EventWrite
AdjustTokenPrivileges
LookupPrivilegeValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
OpenThreadToken
LookupAccountNameW
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
MakeSelfRelativeSD
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorLength
GetSidSubAuthority
SetSecurityDescriptorSacl
MakeAbsoluteSD
InitializeSid
GetSidLengthRequired
DeleteAce
EqualPrefixSid
LookupAccountSidW
CreateWellKnownSid
DeregisterEventSource
RegisterEventSourceW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorA
kernel32
GetModuleHandleW
SetLastError
InterlockedCompareExchange
LoadLibraryA
GlobalUnlock
GlobalLock
UnmapViewOfFile
MapViewOfFile
GlobalFree
GlobalAlloc
WaitForMultipleObjects
GetTickCount
CreateThread
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
ResetEvent
LocalFree
GetHandleInformation
OpenEventW
GetCurrentProcessId
SetErrorMode
HeapSetInformation
lstrlenA
DelayLoadFailureHook
LoadLibraryExA
GetThreadTimes
GetCurrentProcess
GetProcessTimes
GetCurrentThreadId
WaitForSingleObject
SetEvent
CreateEventW
GetProcAddress
FreeLibrary
CloseHandle
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
lstrlenW
GetSystemDefaultLCID
CompareStringW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetVersionExW
FindResourceExW
WaitForSingleObjectEx
OutputDebugStringW
CopyFileA
DeleteFileA
FlushViewOfFile
GetLocalTime
CreateFileA
FormatMessageA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
LCMapStringW
SetPriorityClass
IsValidCodePage
OpenFileMappingW
OpenSemaphoreW
CreateFileMappingW
VerSetConditionMask
VerifyVersionInfoW
ReleaseSemaphore
RegEnumValueW
RegQueryValueExW
RegDeleteKeyExW
ExpandEnvironmentStringsW
CreateFileW
DuplicateHandle
GetFileSize
GetFileTime
UnlockFile
LockFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
DeleteFileW
FormatMessageW
OutputDebugStringA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep
InterlockedExchange
ReleaseMutex
GetCurrentThread
GetVersionExA
msvcrt
_vsnwprintf
bsearch
fprintf
_iob
_controlfp
_errno
realloc
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
strncmp
strerror
_itow_s
_set_error_mode
_wcsicmp
_wtoi
_itow
wcsncpy_s
memcpy_s
memcpy
memset
__CxxFrameHandler3
wcschr
_purecall
_wcsnicmp
wcsncmp
_CxxThrowException
malloc
free
iswspace
_wtol
_ultow
_vsnprintf
user32
LoadStringW
UnregisterClassA
GetLastInputInfo
MsgWaitForMultipleObjects
CharNextW
PeekMessageW
DispatchMessageW
ole32
CLSIDFromProgID
CoInitializeSecurity
CoDisconnectObject
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateBindCtx
CreateStreamOnHGlobal
CoUnmarshalInterface
CoTaskMemFree
PropVariantClear
CoUninitialize
CoInitializeEx
PropVariantCopy
oleaut32
SysStringLen
SetErrorInfo
CreateErrorInfo
VarUI4FromStr
GetErrorInfo
SysFreeString
tquery
?ciNewNoThrow@@YGPAXI@Z
?ciNew@@YGPAXI@Z
?ciDelete@@YGXPAX@Z
msshooks
LoadMSSearchHooks
imm32
ImmDisableIME
shlwapi
SHRegGetValueW
ntdll
WinSqmIncrementDWORD
Sections
- .text (Size: 147KB - Virtual size: 146KB)
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .data (Size: 2KB - Virtual size: 2KB)
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc (Size: 1KB - Virtual size: 1KB)
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc (Size: 34KB - Virtual size: 36KB)
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE