1bf6cbbefb2a2f181877acf32efb14a591939c0764da6d272756d1bec34c3f79

Sharing

Copy URL Twitter E-mail

General

Target

1bf6cbbefb2a2f181877acf32efb14a591939c0764da6d272756d1bec34c3f79
Size

848KB
MD5

09ae48ce977c93738e04e652b032d931
SHA1

6ba998ffba1b95089b4d5a41c2b0b8adf93c4664
SHA256

1bf6cbbefb2a2f181877acf32efb14a591939c0764da6d272756d1bec34c3f79
SHA512

1085673d63a329d7c7837d9204c4fb44f98d3ee2367b581f8e4391e0aa3c681930f187a9f7a764ccdbe3ef72823ef2cad0249a233ecfd3c78d2f81e47164f8e7
SSDEEP

12288:t6/1A6HCFb2DOLZrWUyx5qgMN0fWwyrLt6kST4FOrOsCebsI3IS+jilXpXw:t6/uR2DMZru5qCp4jST44psI3IS+jO+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bf6cbbefb2a2f181877acf32efb14a591939c0764da6d272756d1bec34c3f79

Files

1bf6cbbefb2a2f181877acf32efb14a591939c0764da6d272756d1bec34c3f79
.exe windows:5 windows x86 arch:x86

8dfb1fdf16637eee99735fba2679ae5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

WinVerifyTrust

crypt32

CertCloseStore
CertGetNameStringA
CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CryptMsgClose
CryptQueryObject

kernel32

WriteFile
CreateProcessA
GetStdHandle
CreateMutexA
OutputDebugStringA
ReleaseMutex
FreeLibrary
GetProcAddress
LoadLibraryA
FormatMessageA
LocalSize
lstrcpynA
QueryPerformanceCounter
lstrcpyA
GetCommandLineW
TerminateProcess
lstrcatA
GetEnvironmentVariableA
GetShortPathNameA
Process32First
GetCurrentThread
OpenProcess
Process32Next
ProcessIdToSessionId
CreateToolhelp32Snapshot
GlobalAlloc
GlobalFree
GetModuleHandleW
SetEnvironmentVariableA
SetFilePointer
SetLastError
GetFileType
GetCurrentThreadId
SetEndOfFile
SetStdHandle
WaitForSingleObject
GetFileSizeEx
CreateDirectoryW
GetTimeZoneInformation
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
CreateFileW
GetCurrentDirectoryW
lstrlenW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameW
HeapSize
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
AreFileApisANSI
GetModuleHandleExW
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetCPInfo
HeapAlloc
IsProcessorFeaturePresent
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
WideCharToMultiByte
FlushFileBuffers
DeleteFileW
OutputDebugStringW
lstrlenA
CreateDirectoryA
ReadFile
GetCurrentProcess
CreateFileA
GetTickCount64
CreateThread
DeleteFileA
GetCurrentProcessId
CloseHandle
FindNextFileA
GetModuleFileNameA
FindClose
lstrcmpiA
FindFirstFileA
CopyFileA
MoveFileExA
DeleteCriticalSection
GetModuleHandleA
DecodePointer
GetLastError
SetCurrentDirectoryA
RaiseException
InitializeCriticalSectionEx
CreateEventA
Sleep
GetTickCount
SetEvent
MultiByteToWideChar
LocalFree
GetCurrentDirectoryA
LocalAlloc
GetFullPathNameW
FindFirstFileExW
GetCommandLineA
HeapReAlloc
HeapFree
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetStringTypeW
WriteConsoleW
LoadLibraryExW

user32

FillRect
PostThreadMessageA
ClientToScreen
EndPaint
GetSysColor
CreatePopupMenu
FrameRect
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
LoadCursorA
EnableWindow
GetClientRect
PostMessageA
IsWindow
GetClassInfoA
ShowWindow
GetDlgItem
PeekMessageA
MessageBoxA
TranslateMessage
IsDialogMessageA
LoadIconA
RegisterClassExA
CreateDialogParamA
SetTimer
GetMessageA
DestroyMenu
MapWindowPoints
LoadImageA
GetSystemMetrics
SendMessageA
BeginPaint
TrackPopupMenuEx
SetWindowLongA
GetWindowLongA
CreateWindowExA
DispatchMessageA
DefWindowProcA
GetUserObjectInformationW
GetProcessWindowStation
SetFocus
EndDialog
DialogBoxParamA
AppendMenuA

gdi32

CreateSolidBrush
CreateFontA
DeleteObject
GetStockObject

comdlg32

GetSaveFileNameA

advapi32

InitializeSecurityDescriptor
RegSetValueExA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExA
AdjustTokenPrivileges
ImpersonateSelf
LookupPrivilegeValueA
OpenThreadToken
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
SetSecurityDescriptorDacl
RegQueryValueExA
OpenProcessToken

shell32

SHGetFolderPathA
CommandLineToArgvW
ShellExecuteA
SHChangeNotify
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA

ole32

CoTaskMemFree

shlwapi

PathFileExistsA
PathAppendA
PathFindFileNameA
StrStrIW

userenv

GetUserProfileDirectoryA

winhttp

WinHttpCreateUrl
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryAuthSchemes
WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetOption
WinHttpReceiveResponse
WinHttpReadData

comctl32

InitCommonControlsEx

Sections

.text
Size: 561KB - Virtual size: 561KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8dfb1fdf16637eee99735fba2679ae5b

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

crypt32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

userenv

winhttp

comctl32

Sections

.text Size: 561KB - Virtual size: 561KB

.rdata Size: 206KB - Virtual size: 205KB

.data Size: 19KB - Virtual size: 40KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 35KB - Virtual size: 34KB

.text
Size: 561KB - Virtual size: 561KB

.rdata
Size: 206KB - Virtual size: 205KB

.data
Size: 19KB - Virtual size: 40KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 35KB - Virtual size: 34KB