1ad60b3ed65f489b5a55b0bca7a136569aaf87a73893a19bc5f7fc0c5b2c1455

Sharing

Copy URL

Twitter E-mail

General

Target

1ad60b3ed65f489b5a55b0bca7a136569aaf87a73893a19bc5f7fc0c5b2c1455
Size

6.6MB
MD5

1c1a5e10edc5c3f76c8c7b5f930d9cc6
SHA1

431597da16e4a6bc8cce616e4ac329f74d89362a
SHA256

1ad60b3ed65f489b5a55b0bca7a136569aaf87a73893a19bc5f7fc0c5b2c1455
SHA512

abb977cbe57d7645c93a8b6c1d371cc3e106e5343109ada746b7b37c1a9fca6028e005d990d8afa598494ab3cac3cb5f5d6c88b35069faf319293f2c8bb1b959
SSDEEP

98304:/2xVZQxbe0tUhxFVoPVj9mfUFjDNV5cfIxAY46Ned6x5U2+p2e0PWZWhOn+IaXPi:+j6obcVj8Kjxpsd6x5UlpXFZWEnQXPgj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1ad60b3ed65f489b5a55b0bca7a136569aaf87a73893a19bc5f7fc0c5b2c1455

Files

1ad60b3ed65f489b5a55b0bca7a136569aaf87a73893a19bc5f7fc0c5b2c1455
.exe windows:5 windows x86 arch:x86

0ee2d3e5f03e5c87f330a10e47d7ab28

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
GetVersionExA
GetVersion
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfA
SetFocus
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

winmm

midiStreamOut

ws2_32

bind

gdi32

LineTo

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

Shell_NotifyIconA

ole32

CLSIDFromProgID

oleaut32

UnRegisterTypeLi

comctl32

ord17

comdlg32

ChooseColorA

wtsapi32

WTSSendMessageW

Exports

Exports

į�0��?r]��4)�� m^L"��Z��勏�-��t��^|�53��o T�rp�� s�'��M��)��\��b��2^�{�Hq�IF�^�MFEU,�û6��-�� ü��ʹ_C��6��$4�,�C��_Z��LE}��Qy��E4�H� ��z��*��͝�8ۓ45%h�M?PT��.�,�a*\�aB�;��c�{��_~�ѵ&�q�ܧ�d�>[��(/rA��g;�� <.i f�M�ᛳ�� 5�u5aG��ǌ��,: ��!B�#S�� :c�N9�6+��EA�)��C��)��>$�ssSDhd�"��< ��(��&�R&��c��y�a��UG�Y>~�Y�Y�X��B��Y�� 5ʊ��z�&��'��O�s��WZ�/è��; ��B��Ο#��5�2n�ECr�MSLdl��\�q��?ie_� �9��Ut��?D�|]J�y̫<#�� (F��3�b��g��~��f;��lf��ו�$��+&g��fΞ[�� "�ᙧ]aP��ޣ�B֡�R�u��)��<�b0��7�*`�;�W��{Zo^�WV��'�� =O�^��Q�Fl��KJg�VHC�)k�lc��=�ݵl�8�C��W5�~�aB�v��]\% 6�/&Z�M��S` �s��B�a��o:nx�k��M�f�!p0T��B0ʗ��C!��q��]K��ǲ�%��<C��-�)��I��.8�Nc��)Q$�|�z�=��k��2�T�0�M"��O0�αFM��n�K�=�Lפ�>��U��;� �_N?͟L��)��`�}�Rl�y��3:�xJ25Ȓ^�۰�X^��I��u�tb��]3�+ �X'3��(�`"U��ԋs��NۨWu�wZ��7,��r��k� r��Z��A �^$3��2��>�g�f"q=�v�3�W�zp�Q�rzb��<,u�E�Rj�C;��>�*k�u¸��01��U��k��n�ƭ|`|��w�K��Dn.ѩ@&2�3�EG�7��J�F��R�!�2��6$U��?2m��K�l��p��@uQ�K�B��W��i��%s.��q� 8L]�n��m�RI�M0z%��/W�Y�x��]f�� ӈ�2�O�G�Fբ��0_z��S� v�ZY��\��v~�6r��b�m��2�2�~��!��!��~�j\��4_eQ�lh�$��&(Ԇ��b��4�MK��4��2��=��;t�!�6SXv��>j�Y�ZpHE�5��0N#%@��q5Z�@��D�O�#Y�� b��$+X��wGN�:ћ� ��쯒KrW�� $g�Np�'?��{*�˃��|#|c�O�7��,��0��ݷB+�ʄ�Rn��o)�G��(�!��E Z�pO��N��]ᦃE��(�T��iޡ��)K?CW�<$#`//��sR+,��Ųm��U�p2�r=�}Ly~��pYI'8��&DG�'re�a[ӸY�tK*i��0`[��HMv��K[k��E� ��fv�#�5��),\�e��Ff��A��n@�S,!fp�b��@�D��<��D�ƄZ$P)Ϫ��s|��I�=֮.�Y��S3 |��qh8aF��g6��F��!��X6h��6<5R��N�7�m`�z*��/B�9�ZtK5�\�&�D�)x8D>��u��}L��y�JT��eu��7�˩��z՜��C1��0N<J�qQN��d�.!��O��<6��),�ꖪW�:��mq��`�x�|i��B�G4�5l��/��?˒�Q̫W��-��,��iha6��A��N;��_��Pwdm�P�L ��R��|��]�PEg&�u)D�S�h�B��悻˅��3��U��&�&ς0��K�!��x� R'Z�vX�V��;��;��p]<��ހ��|�K^��R��Sj��d�n)K��)��U>�;k�!�/=�|.�1@�.�4�k��Q{_�*�V�Q�h��ʓ?V�n�tęb&�+��-�fg�v=�Z��~p�I700�>VCD�&�#�,b�{UB(ad�k��xSy��i��h�� s�(6�Hh)E��"�O3��1@lE&o�9�l��;�Xit�0�Y��c�Ť��ߋ&�U�W ��#vc�dp�`Pش�;r"ٵ�4�<��)<��v�c��ECv8��{VP�WWRh��R��c��j��x;��7K��y��z�x�ۋ*��e��剧q&��+r��z�ím85%i=�a@�z||�RX�[��G�X9?��c��/�,oBMyi�'��S��ب�*� X&�X��0g� %�9��s;o]��~�K�I3�D� 1 #+�? #`r��$B��D��1Cs��@ �v�9�$yq.mH�5m8�x�\),Y*��+#��˒��/B��J�R]��,�GV; NGL�ǡ�F�/%�Jcu��և�į�"AZ�I?�Mϒ�ƝW��-;�dt?!>S�I��Q-Ɖ�&�b¾cq^ϐ�̿$�Oa6vJqC+�q�)ձ��E^�x��X��F�F�.%>|\��A��G� EK7U��)��п�X莳��$��6�x��<��(k��A��[��R}�H�i��Q��_�G�#��7��5S��`��4�P�d�5sy!R�1�ǜ m,#��|��^�G<��i�O��C��qP�}��89��-�K��n n�D��+u㉉��͘�L�ш�#�Ȁ9rS��I��XjQ��zE�%�0�wk�̴E��f}�r�� X7X��\�ǵT��8�^�8��<+��Nj��˚б}![6

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 764KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 6.5MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ee2d3e5f03e5c87f330a10e47d7ab28

Headers

File Characteristics

Imports

kernel32

user32

winmm

ws2_32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 1.8MB

.rdata Size: - Virtual size: 4.6MB

.data Size: - Virtual size: 764KB

.text0 Size: - Virtual size: 2.6MB

.text1 Size: 6.5MB - Virtual size: 6.5MB

.rsrc Size: 140KB - Virtual size: 139KB

.text
Size: - Virtual size: 1.8MB

.rdata
Size: - Virtual size: 4.6MB

.data
Size: - Virtual size: 764KB

.text0
Size: - Virtual size: 2.6MB

.text1
Size: 6.5MB - Virtual size: 6.5MB

.rsrc
Size: 140KB - Virtual size: 139KB