Static task: static1
Behavioral task: behavioral1
Sample: 1a4fca0b1fb49c09a5858bbb84624bf2030fc8ac906b17a65e55140d495eb961.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 1a4fca0b1fb49c09a5858bbb84624bf2030fc8ac906b17a65e55140d495eb961.exe
Resource: win10v2004-20240226-en
General
Target: 1a4fca0b1fb49c09a5858bbb84624bf2030fc8ac906b17a65e55140d495eb961
Size: 268KB
MD5: d5d7533d6b0c890b5cd31dc73a7c3c72
SHA1: a1c3812ca8a93870641d8f86dd92ccbd2afda73f
SHA256: 1a4fca0b1fb49c09a5858bbb84624bf2030fc8ac906b17a65e55140d495eb961
SHA512: 88b4af5f4bb6b23b5d937c4c45b1f96763caf0c65269c318628da8fd8c416d95e0ffb66a66ea6b9283f65eddc068cca5d4dda0e11d1ca24112376694e7d17bd6
SSDEEP: 3072:t/OkwF/YJbnl2EGI49EOuh6xcySiDiduzSiXwsVZ2Ixqg123MsLFzagTECh1gBtV:okysp2EGJduh4DKKZ7qgeMsBmwEk1KD
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1a4fca0b1fb49c09a5858bbb84624bf2030fc8ac906b17a65e55140d495eb961
Files
1a4fca0b1fb49c09a5858bbb84624bf2030fc8ac906b17a65e55140d495eb961.exe windows:5 windows x86 arch:x86
e3d670f240c2fb5feae11e07fde9abb3
Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
kernel32:
  TerminateProcess
  FileTimeToSystemTime
  GetMailslotInfo
  GetLastError
  SetLastError
  GetProcessWorkingSetSize
  AddAtomW
  lstrcatW
  GlobalAlloc
  VirtualProtect
  SetProcessShutdownParameters
  GetCurrentProcessId
  EnumSystemLocalesA
  GetLocaleInfoA
  GetUserDefaultLCID
  CreateFileW
  HeapReAlloc
  GetProcessTimes
  GetTickCount
  GetProcessIoCounters
  SetProcessAffinityMask
  GetProcessAffinityMask
  ExitProcess
  GetStringTypeW
  LCMapStringW
  WriteConsoleW
  GetLocaleInfoW
  LoadLibraryW
  InterlockedExchange
  FreeLibrary
  SetConsoleCtrlHandler
  GetCommandLineW
  HeapSetInformation
  GetStartupInfoW
  RaiseException
  DecodePointer
  UnhandledExceptionFilter
  SetUnhandledExceptionFilter
  IsDebuggerPresent
  EncodePointer
  GetCurrentProcess
  HeapAlloc
  HeapFree
  IsProcessorFeaturePresent
  EnterCriticalSection
  LeaveCriticalSection
  MultiByteToWideChar
  ReadFile
  CloseHandle
  GetProcAddress
  GetModuleHandleW
  WriteFile
  GetStdHandle
  GetModuleFileNameW
  FreeEnvironmentStringsW
  GetEnvironmentStringsW
  SetHandleCount
  InitializeCriticalSectionAndSpinCount
  GetFileType
  DeleteCriticalSection
  TlsAlloc
  TlsGetValue
  TlsSetValue
  TlsFree
  InterlockedIncrement
  GetCurrentThreadId
  InterlockedDecrement
  GetCurrentThread
  HeapCreate
  HeapDestroy
  QueryPerformanceCounter
  GetSystemTimeAsFileTime
  SetFilePointer
  WideCharToMultiByte
  GetConsoleCP
  GetConsoleMode
  GetCPInfo
  GetACP
  GetOEMCP
  IsValidCodePage
  Sleep
  FatalAppExitA
  RtlUnwind
  SetStdHandle
  FlushFileBuffers
  HeapSize
  IsValidLocale
user32:
  GetMessageExtraInfo
  BeginPaint
  GetDC
  GetMonitorInfoW
advapi32:
  GetUserNameA
  SetSecurityDescriptorDacl
  LookupPrivilegeNameA
  InitiateSystemShutdownA
  OpenEventLogA
shell32:
  ord179
  ShellAboutA
  ShellExecuteW
msimg32:
  TransparentBlt
winhttp:
  WinHttpWriteData
Sections
.text Size: 144KB - Virtual size: 141KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 20KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 66KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 6KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ