1ecd6a1ab642bae43dc6f3cd6d1c9a8adc363d064eed6dbf2b8d7b4334172281

Sharing

Copy URL

Twitter E-mail

General

Target

1ecd6a1ab642bae43dc6f3cd6d1c9a8adc363d064eed6dbf2b8d7b4334172281
Size

4.8MB
MD5

8dc8ac0a536235c5516c0e4ce8d36c39
SHA1

e26fbef0db640e0c4889f51ca3632410c3e5c941
SHA256

1ecd6a1ab642bae43dc6f3cd6d1c9a8adc363d064eed6dbf2b8d7b4334172281
SHA512

5936e8065e62f7619e30659f5b66bf578b6d31fa64170429592f6553edd76f23e9214d37b8a4a1dc237361590dc6d5f98f19b7c47c3746e9f5bc359a2a969451
SSDEEP

98304:wuph1v9N7Cydxh0JmNzHgwlg6Zu4ZWmIybfRvJ:rph1v9dCydxhDlg6hZ3f5J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ecd6a1ab642bae43dc6f3cd6d1c9a8adc363d064eed6dbf2b8d7b4334172281

Files

1ecd6a1ab642bae43dc6f3cd6d1c9a8adc363d064eed6dbf2b8d7b4334172281
.exe windows:6 windows x86 arch:x86

dfc9a4fc8c7391c0677168c18abf6d83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\channel_gen\9\temp_build\temp_target.pdb

Imports

rpcrt4

UuidCreateSequential

shlwapi

PathFindFileNameA
PathStripPathA
SHCreateStreamOnFileEx
PathFileExistsA

kernel32

FreeLibrary
GetModuleHandleW
LoadLibraryW
QueryPerformanceCounter
WaitForSingleObjectEx
CompareFileTime
GetEnvironmentVariableA
GetStdHandle
PeekNamedPipe
WaitForMultipleObjects
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemDirectoryA
GetSystemInfo
VirtualAlloc
VirtualFree
GetCurrentThreadId
SwitchToFiber
DeleteFiber
CreateFiberEx
ConvertFiberToThread
ConvertThreadToFiberEx
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
GetVersionExW
GetCurrentProcess
GlobalMemoryStatus
GetProcessAffinityMask
FileTimeToDosDateTime
DosDateTimeToFileTime
FileTimeToLocalFileTime
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
SetEndOfFile
GetCurrentDirectoryW
CreateDirectoryW
GetTempPathW
LeaveCriticalSection
QueryPerformanceFrequency
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
lstrcpyA
EnterCriticalSection
SetStdHandle
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetConsoleOutputCP
GetModuleFileNameW
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetCommandLineA
GetTimeZoneInformation
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
OutputDebugStringW
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
EncodePointer
InitOnceBeginInitialize
InitOnceComplete
GetCPInfoExW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemDirectoryW
SleepEx
FreeEnvironmentStringsW
lstrcpynA
lstrcmpiA
GetLocalTime
IsDBCSLeadByte
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
InitializeCriticalSectionEx
FormatMessageW
GetFullPathNameW
SetLastError
FormatMessageA
SystemTimeToFileTime
SetFileTime
LocalFileTimeToFileTime
WriteConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
GetCommandLineW
GetModuleFileNameA
MoveFileA
Process32First
GetFileAttributesA
MulDiv
GetACP
GlobalLock
GlobalUnlock
GetFileSize
GetCurrentDirectoryA
SetFilePointerEx
GetFileTime
GetFileSizeEx
LocalFree
GetTickCount
WriteFile
GetFileType
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
VirtualQuery
WideCharToMultiByte
GlobalFree
GlobalAlloc
CreateFileA
MultiByteToWideChar
SetFilePointer
ReadFile
CreateDirectoryA
DeleteFileA
CopyFileA
GetSystemTimeAsFileTime
InitializeCriticalSection
LoadResource
LockResource
LoadLibraryA
GetLastError
FreeResource
CreateMutexA
FindResourceA
SizeofResource
lstrlenA
AllocConsole
CreateProcessA
ExitProcess
GetProcAddress
CreateThread
CloseHandle
Process32Next
GetTempPathA
Sleep
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
TerminateProcess
FindFirstFileExW

user32

ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
InvalidateRgn
GetGUIThreadInfo
IsWindowEnabled
GetKeyNameTextA
MapVirtualKeyExA
CharPrevExA
GetProcessWindowStation
GetUserObjectInformationW
UpdateWindow
MessageBoxW
CreateAcceleratorTableA
EqualRect
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetKeyboardLayout
FindWindowA
PostQuitMessage
KillTimer
SendMessageA
MessageBoxA
SetTimer
ShowWindow
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuA
EnableMenuItem
DestroyMenu
CreatePopupMenu
CharUpperW
SetRect
FillRect
DrawTextW
DrawTextA
SetForegroundWindow
GetMessageA
TranslateMessage
DispatchMessageA
PostMessageA
CreateWindowExA
IsWindow
DestroyWindow
SetWindowPos
IsWindowVisible
IsIconic
IsZoomed
CharNextA
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
GetDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
GetCursorPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
UnionRect
OffsetRect
IsRectEmpty
PtInRect
GetWindowLongA
SetWindowLongA
GetParent
GetWindow
LoadImageA
MonitorFromWindow
GetMonitorInfoA
SetWindowRgn
SetCursor
InflateRect
LoadCursorA
wsprintfA
DefWindowProcA
CallWindowProcA
RegisterClassA
CharPrevA
GetWindowRgn
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
CreateWindowExW
EnableWindow
SetPropA
GetPropA
UpdateLayeredWindow
MoveWindow

gdi32

AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
RemoveFontMemResourceEx
CreatePen
CreateFontIndirectA
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
Rectangle
RestoreDC
SaveDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileA
GetEnhMetaFileHeader
PlayEnhMetaFile
GetTextMetricsA
GetObjectA
SetWindowOrgEx
CreateRoundRectRgn
CreateRectRgn
PtInRegion
CreateDIBSection
CombineRgn
CreatePenIndirect
CreateSolidBrush
GetCharABCWidthsA
GetClipBox
GetTextExtentPoint32A
LineTo
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
MoveToEx
TextOutA
GdiFlush
CreatePatternBrush
GetTextExtentPointA
GetBitmapBits
SetBitmapBits
DeleteDC
CreateRectRgnIndirect

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
GetSecurityInfo
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
RegCloseKey

shell32

SHFileOperationW
SHCreateDirectoryExW
DragQueryFileA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteA
CommandLineToArgvW

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysAllocStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString
VariantCopy

comctl32

InitCommonControlsEx
ord17
_TrackMouseEvent

gdiplus

GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArc
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

ws2_32

getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
listen
gethostbyaddr
getservbyport
getservbyname
shutdown
htons
htonl
accept
select
__WSAFDIsSet
WSACleanup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
WSAGetLastError
getsockopt
getsockname
getpeername
connect
bind
inet_ntoa
recv
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStartup
gethostname
gethostbyname
inet_addr

wldap32

ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145

crypt32

CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage

iphlpapi

SendARP
GetAdaptersInfo

bcrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDestroyKey
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptGenRandom
BCryptDeriveKeyPBKDF2

Exports

Exports

zip_close
zip_compression_method_supported
zip_delete
zip_dir_add
zip_discard
zip_encryption_method_supported
zip_error_code_system
zip_error_code_zip
zip_error_fini
zip_error_init
zip_error_init_with_code
zip_error_set
zip_error_strerror
zip_error_system_type
zip_error_to_data
zip_error_to_str
zip_fclose
zip_file_add
zip_file_attributes_init
zip_file_get_comment
zip_file_rename
zip_file_replace
zip_file_set_comment
zip_file_set_external_attributes
zip_fopen_index
zip_fopen_index_encrypted
zip_fread
zip_get_archive_comment
zip_get_name
zip_get_num_entries
zip_name_locate
zip_open
zip_open_from_source
zip_register_cancel_callback_with_state
zip_register_progress_callback
zip_register_progress_callback_with_state
zip_secure_random
zip_set_archive_comment
zip_set_file_compression
zip_source_begin_write
zip_source_begin_write_cloning
zip_source_buffer
zip_source_buffer_create
zip_source_buffer_fragment
zip_source_buffer_fragment_create
zip_source_close
zip_source_commit_write
zip_source_error
zip_source_file
zip_source_file_create
zip_source_free
zip_source_function
zip_source_function_create
zip_source_get_file_attributes
zip_source_keep
zip_source_make_command_bitmap
zip_source_open
zip_source_read
zip_source_rollback_write
zip_source_seek
zip_source_seek_compute_offset
zip_source_seek_write
zip_source_stat
zip_source_tell
zip_source_tell_write
zip_source_win32handle
zip_source_win32handle_create
zip_source_win32w
zip_source_win32w_create
zip_source_window_create
zip_source_write
zip_stat_index
zip_stat_init
zip_unchange

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 923KB - Virtual size: 923KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dfc9a4fc8c7391c0677168c18abf6d83

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

imm32

ws2_32

wldap32

crypt32

iphlpapi

bcrypt

Exports

Exports

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 923KB - Virtual size: 923KB

.data Size: 35KB - Virtual size: 91KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 168KB - Virtual size: 167KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 923KB - Virtual size: 923KB

.data
Size: 35KB - Virtual size: 91KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 168KB - Virtual size: 167KB