1b599cc16ae53d31194f6e4ffb240cd8e446e3b45d72f80ce5f24f17a840bde2

Sharing

Copy URL Twitter E-mail

General

Target

1b599cc16ae53d31194f6e4ffb240cd8e446e3b45d72f80ce5f24f17a840bde2
Size

12.1MB
MD5

b96bb2e4273c3b42ed6b0d243d7be509
SHA1

c27c41f836568866f2efb2dc91e7d82ed0a8acb0
SHA256

1b599cc16ae53d31194f6e4ffb240cd8e446e3b45d72f80ce5f24f17a840bde2
SHA512

3b7fd14b8fc50c65255e639c11d2ac2d8dd6f07a5a60dbb2075095e0226f891451c167fe27221b992f01a9616f57b5e0b69d32de5285e6edc1a5110a1593d4f7
SSDEEP

196608:ZCeqMxR9gZrOiwjbRNrS0+Z5vovam2kVLZvnK7uq2Y1s5iyY4P4v:ge1xRkOiwjbRw0+TQHVLquq2vFY4q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b599cc16ae53d31194f6e4ffb240cd8e446e3b45d72f80ce5f24f17a840bde2

Files

1b599cc16ae53d31194f6e4ffb240cd8e446e3b45d72f80ce5f24f17a840bde2
.exe windows:5 windows x86 arch:x86

adab71c8267734bd6ca3f314620e2e4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiStreamOut

ws2_32

WSACleanup

kernel32

GetVersion
GetVersionExA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetActiveWindow
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

TextOutA

winspool.drv

OpenPrinterA

advapi32

RegOpenKeyExA

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

UnRegisterTypeLi

comctl32

ord17

comdlg32

ChooseColorA

wtsapi32

WTSSendMessageW

Exports

Exports

��(��x�6�z�2��wY)^氄��;d��Ŕ�L(EOw�p+X3+�`�m?D�zU�8(M�?!��ns!�<��I�Ȯ�f1��X�T04=��;��`��FA�)�RL`��7|�f�G;�l^x��D�uJƃb��I}W��T:�\ cX��(��q��e1��KG��k�wEI�b�f�3*��(6"j��3T"�/z4�"%>W��Y>gPfuUP �Q��0Ƚ�~A[�g;�/Q��q5�}�^H��Ϩwԓy=�M<]�V9.��"��~Y�K\|<�弊$�B2�gXHʭp��!� ��sD��3�G��B{}�Tn$b��6k�z-]u_Ys9��{%�2f��yu1O�PQ�>ʤY�y�K%1�� %�B"#��X�/�+��ɱXg�ĥ��O/�|ٲ��C.�u��I��e�pEh38<�sqjږ�H ,z�Q8�0�,n��_�19?��#��^ƶv63��gX�9�P�eb�S��i�}��}MD��p��n��8��d ]��UR*��K4*!��{߁��~q��i�9�N�(��V��L�'s�է�8�<q��e~ ��^�1s��JC�YS� �%0S��a�v@��n?� �{�Fi2& ��#dI.\��ٚ�0�pH8�:o=/�Z��C��8-_x��/�E�߉��(v��6z��0�~�Ϩ��=Ns :�r�Rݖ��F"��4��d<z � #շ]�8bG��|�.|>[��Ad)�0��t��S�j ��Q;�;��m�M7�l�P:?lb��4�&T��&Z��I<و��*�hQɛ��uQ_�5v�a��>8�=ל��"�2�!9�\9�/�p�V��x�o�$��Gjδ �) Dw$77)�s6� ˸a��Lp�k�"�F'0��_f򓣞gb��V�Dɳ�1��3Q��Cbs��,n��J.M��G��A��Ρl� )��G��:�d�m��<e��>��J:��j��ۜ��&�b��j/�Z&-�4��T�-|��%��E�N�<�Q�P�=E�o�Ŕٖ�:�K࠹��d�vQ��9�nG��Xk��%�5��6��5{��-��T��UI�l�kGm��V�Y��*��$g1��*Mͳ��"�wQa��"��0�l.M�=6`��Z��`;�ۙ8�zi�O��:��G�IYh��P��4�\G{)Q��1�� b }�G�l->��m��w�p�^_n�|�6��\%a��q|��g��ܢi5iO��`W��RdB�1�-�L�D��F��\5E��.s��c��P�.��_Ӄ��Q5n��]Y�Y��!2�x��~F��I��u�07 |b��s A+� h��m� π��՘RAmR%�]�M�K��T��&��7��*��n�Hs�A��E�=^�g. y�AS\ ��7� �5 �xkۅE ��w�d��r�|��{�*�s�GX(B�)��Q��i҅�\��ڨ��Mw��(/h��m�'�!iECH�U�#��'�-��ܛZ-H.=c�h�k��#eY3�K��84I��U�-��#�Tc�I*<��E�f!��qvg�C��Q�D�&�duxn�CN�.��s�1�0I1n�ڡ�w��q��%�X�0��vNf��}�FAqw��҃�&��˵��]!N%�ߐmD|��ܮ�#j�G��R�M��y%�?�$bZ޶@�y�9̒�Il�&O��OQ�`�FE�1IGX%��}�5�BoT�P_��^�̴,��3�1�=��Z�6��4��SM%��?V��oPo��v�G�{A'_a��?r�ݷh;��$�\��:w;��Ⱦj8!]�S�U��-��x��EkPNr�Yc��t��xn� <��ۭ?�?ǵ&��ɩ�<&=��=��.k��I��ld�B ��6�0��Λ�x�`��q��?N��5�N9�{k�h)\��Yb:*Ú�Q� Q|�p+�U�� T0�<��9u ��*?~iF.l��of��,&޻h�1�u�J�8@��,ѣ��S��B9� l7��Y��=�ޓ��q Ypt#e��z�H�:?��ڼ�Ш�_O]X��|x��q�Y�O!�p��Zߧ�P��$=Xj� +C%Vt�O��Q��`mI��=�E�k��SzH�o[/��B�F>`��y-6��b�A$�[��P��T�6��g�>&�)u�]�G�0Y�c��o�b�@��Ud��6�%h�cW�#��e��H7 Zު6��c��ŢU�� >�7�3㔍��S 1|��Rn�V� �L��?e� 7��9�v��b�/��U�Ur�U~�3�[�Q�B��\��?�}tnJ�m�ۑG��|�j��t��v�T�`�r�v�#��t[��d��t�b�Li�~��$#��hmN��ߘ%C��9@�X��"��g��b��6 ��W(�Z3��U�脜p��ä��l�J��zbO�g�?g� b^�<��,Gj��J}��c��BǊ�wQX��MK<��+��U�t��-�[��yǑ�J��vR9I�0�gfg#IQu��l��/��[��uO9�,lLxD�7"�7i�MZ�W�d�,i\��lE�I��K��K�q�k�� A��v/iח� :��{�+)��}��75@_��Et�W��5��́��<�X��a��^�ނ��f! @"�?'%�j�>��e��w� @t�,n�q!�!�jØ�N��`��w��j�@LG�ޭ(�@�x]��g?_1��ֹK @o�ڛ�1�ޯ�ʅV��)v4#·

Sections

.text
Size: - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TiU0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TiU1
Size: 12.1MB - Virtual size: 12.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adab71c8267734bd6ca3f314620e2e4f

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 589KB

.rdata Size: - Virtual size: 8.8MB

.data Size: - Virtual size: 209KB

.TiU0 Size: - Virtual size: 3.3MB

.TiU1 Size: 12.1MB - Virtual size: 12.1MB

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: - Virtual size: 589KB

.rdata
Size: - Virtual size: 8.8MB

.data
Size: - Virtual size: 209KB

.TiU0
Size: - Virtual size: 3.3MB

.TiU1
Size: 12.1MB - Virtual size: 12.1MB

.rsrc
Size: 16KB - Virtual size: 13KB