1e05d1ebd97eb4f0f9bb93b1f28918e3e7db65b240841dd5911852d88b9359aa

Sharing

Copy URL

Twitter E-mail

General

Target

1e05d1ebd97eb4f0f9bb93b1f28918e3e7db65b240841dd5911852d88b9359aa
Size

316KB
MD5

d0fa74c3b4149cd5dd7475ff9db41acc
SHA1

b5631040aafd0f1bca88a1f05a9b2c348a88ba05
SHA256

1e05d1ebd97eb4f0f9bb93b1f28918e3e7db65b240841dd5911852d88b9359aa
SHA512

890cedc0e23f1d04c216d6464f64c51ba7be9f1c24995c3b9ca057f6debc3bdc750441d1e8a906f09b830eae043172fe0460accd753762386c44d690587010cb
SSDEEP

6144:mNyjvHt9i1CDt0qhZZpvVR11pezYL7AMJbZDIFaepmhY:mNyDiIBNZHvVR11peswMJbZcFa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e05d1ebd97eb4f0f9bb93b1f28918e3e7db65b240841dd5911852d88b9359aa

Files

1e05d1ebd97eb4f0f9bb93b1f28918e3e7db65b240841dd5911852d88b9359aa
.dll windows:4 windows x86 arch:x86

799a7ec84fb47d6a772db4c4cebd5bf7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dinput8

DirectInput8Create

kernel32

SetEvent
InitializeCriticalSection
DeleteCriticalSection
SetThreadContext
GetThreadContext
LoadLibraryA
CreateThread
lstrlenW
SetLastError
MapViewOfFile
IsDebuggerPresent
GetFileAttributesW
GetFileAttributesA
SetFilePointer
GetFullPathNameA
lstrlenA
GetLastError
SetFilePointerEx
GetFileSize
GetFileSizeEx
WaitForSingleObject
CreateEventA
ResumeThread
TerminateProcess
CreateProcessA
CreateProcessW
FindNextFileA
FindFirstFileExA
GetFileAttributesExA
GetTickCount
CopyFileA
CopyFileExA
DeleteFileA
MoveFileA
MoveFileExA
ReplaceFileA
LoadLibraryW
GetModuleHandleW
LoadLibraryExA
LoadLibraryExW
MapViewOfFileEx
FindNextFileW
FindFirstFileW
FindFirstFileExW
GetFileAttributesExW
SetFileAttributesW
CopyFileW
CopyFileExW
DeleteFileW
MoveFileW
MoveFileExW
ReplaceFileW
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
DisableThreadLibraryCalls
WaitForMultipleObjects
SetFileAttributesA
InterlockedExchange
EnterCriticalSection
TerminateThread
LeaveCriticalSection
VirtualQuery
UnmapViewOfFile
CreateFileMappingW
CreateFileMappingA
GetCurrentThread
FlushInstructionCache
ExitProcess
SetUnhandledExceptionFilter
OutputDebugStringA
FindFirstFileA
FindClose
GetSystemInfo
VirtualAlloc
VirtualProtect
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
VirtualFree
GetModuleHandleA
GetProcAddress
GetCurrentProcess
CreateFileA
ReadFile
GetModuleFileNameA
GetCurrentDirectoryA
WriteFile
FreeLibrary
VirtualFreeEx
ReadProcessMemory
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
LocalFree
GetWindowsDirectoryA
InterlockedDecrement
GetVolumeInformationA
DeviceIoControl
HeapFree
HeapAlloc
IsBadReadPtr
CreateDirectoryA
CreateMutexA
ReleaseMutex
InterlockedIncrement
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
HeapSize
IsBadCodePtr
GetOEMCP
SetStdHandle
FlushFileBuffers
SetEndOfFile
CloseHandle
Sleep

user32

FindWindowA
CharUpperBuffA
MessageBoxA

advapi32

RegOpenKeyExA
RegSetKeySecurity
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RevertToSelf
ImpersonateSelf
GetUserNameA
RegQueryMultipleValuesW
RegQueryMultipleValuesA
RegQueryValueExW
RegQueryValueExA
RegQueryValueW
RegQueryValueA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyW
RegOpenKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA

shell32

ShellExecuteExW
ShellExecuteExA
SHGetSpecialFolderPathA
SHGetFolderPathA
SHGetMalloc
ShellExecuteA
ShellExecuteW
SHGetPathFromIDListA
SHGetDesktopFolder

iphlpapi

GetAdaptersInfo

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateGuid
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocString

Exports

Exports

_InitAP2@4
_InitAP@0

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.aecode
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pecode
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aphr
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

799a7ec84fb47d6a772db4c4cebd5bf7

Headers

File Characteristics

Imports

dinput8

kernel32

user32

advapi32

shell32

iphlpapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 177KB

.aecode Size: 38KB - Virtual size: 38KB

.pecode Size: 21KB - Virtual size: 20KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 11KB - Virtual size: 19KB

.aphr Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 784B

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 177KB - Virtual size: 177KB

.aecode
Size: 38KB - Virtual size: 38KB

.pecode
Size: 21KB - Virtual size: 20KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 11KB - Virtual size: 19KB

.aphr
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 784B

.reloc
Size: 20KB - Virtual size: 19KB