1dfdbbd213455996a83a5b875c74da6f

Sharing

Copy URL Twitter E-mail

General

Target

1dfdbbd213455996a83a5b875c74da6f
Size

123KB
MD5

1dfdbbd213455996a83a5b875c74da6f
SHA1

f9bf432a4f40df3d1d86198cccd0843a134f915f
SHA256

6d661e63d51d2b38c40d7a16d0cd957a125d397e13b1e50280c3d06bc26bb315
SHA512

6fc7b6b1d02ee1a4c71336024fe5c55dfe33c819c602b5cda6f2eaef4ee3983a25e5a2000ca6bbd043d8f56da4a67e3bacfe3c96328404b00f6b7a75a2ff29ec
SSDEEP

3072:Jq4stdIzRevKMpk6o1SJL1aKkUY2IR5QTwFR:Jq4cdINWSSJL1a1U1kR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1dfdbbd213455996a83a5b875c74da6f

Files

1dfdbbd213455996a83a5b875c74da6f
.exe windows:5 windows x86 arch:x86

9f09c80afc4219c6edd3e0f82f2640d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

kernel32

SetThreadContext
WriteProcessMemory
GetThreadContext
CreateProcessW
Sleep
GetModuleFileNameW
GetTickCount
GetLastError
DeleteFileW
CopyFileW
CloseHandle
WaitForSingleObject
GetStdHandle
CreateFileW
MoveFileW
CreateDirectoryW
VirtualProtectEx
GetComputerNameA
SetThreadPriority
CreateThread
CreateMutexW
GetProcessHeap
SetEndOfFile
CreateFileA
RaiseException
MultiByteToWideChar
ResumeThread
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapSize
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapFree
HeapAlloc
GetModuleHandleW
GetProcAddress
ExitProcess
GetStartupInfoW
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetModuleFileNameA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

user32

TranslateMessage
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
RegisterClassExW
LoadCursorW
DispatchMessageW
GetMessageW
CreateWindowExW

advapi32

GetUserNameA

shell32

SHGetFolderPathW
ShellExecuteExW
ShellExecuteW

ws2_32

send
recv
WSAStartup
socket
connect
htons
closesocket
gethostbyname

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9f09c80afc4219c6edd3e0f82f2640d6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ws2_32

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 1.4MB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 1.4MB