1ba9d759ed8baa4a119f45345476b4fe257325826d1427b4144a146af28b6dc0

Sharing

Copy URL Twitter E-mail

General

Target

1ba9d759ed8baa4a119f45345476b4fe257325826d1427b4144a146af28b6dc0
Size

60KB
MD5

87c824c8f4c55d15ffd446ad92cb181e
SHA1

19ad6dcd9990ac88b5df129a534f475f463a7307
SHA256

1ba9d759ed8baa4a119f45345476b4fe257325826d1427b4144a146af28b6dc0
SHA512

006dc2c343fe88077bf25f669de39b3a4bc7af908aea370bd06909c5ff0b1a55c351b929adc8858f1397069c0993bbc11d38003da5c03facb20ad3bbc71eb02b
SSDEEP

768:L3971vBjONdlJ25ujaZXs6HbTEhmElVPhNcW53U4jW5KuSYpTyZpMhs48:b9Bpjs25dZXs6Hb1EzcWOAW3Ns48

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ba9d759ed8baa4a119f45345476b4fe257325826d1427b4144a146af28b6dc0

Files

1ba9d759ed8baa4a119f45345476b4fe257325826d1427b4144a146af28b6dc0
.exe windows:4 windows x86 arch:x86

6e53a1f1b768d13c123a853e84e12149

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleCtrlHandler
IsDebuggerPresent
InterlockedExchange
GetModuleHandleW
GetCommandLineW
SetEvent
CreateDirectoryW
Sleep
CopyFileW
GetTickCount
GetFileAttributesW
GetModuleFileNameW
CreateProcessW
CloseHandle
GetLocalTime
CreateEventW
GetACP
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
GetStartupInfoW
GetStdHandle
SetConsoleTitleW
SetConsoleTextAttribute
SetConsoleWindowInfo
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemTimeAsFileTime
CreateSemaphoreW
CreateFileMappingW
MapViewOfFile
GetLastError
FormatMessageW
UnmapViewOfFile
ResetEvent
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedIncrement
WaitForSingleObject

mfc42u

ord6865
ord6868
ord5852
ord561
ord815
ord665
ord1971
ord6381
ord353
ord800
ord536
ord540
ord2606
ord668
ord1972
ord2810
ord3176
ord922
ord858
ord3313
ord3180
ord4053
ord2773
ord2762
ord356
ord942
ord538
ord861
ord1568
ord6006
ord825
ord823
ord5438
ord3658
ord5436
ord6379
ord5446
ord6390
ord801
ord541
ord535
ord941
ord940
ord5857
ord925
ord6055
ord690
ord2914
ord1980
ord5351
ord5804
ord1075
ord5198
ord3224
ord389
ord1225
ord6860
ord5352
ord5201
ord2385

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p___winitenv
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
wcsncmp
wcstod
printf
srand
rand
_putws
wcslen
time
wcscat
wcschr
_iob
fputwc
setlocale
wcsrchr
wprintf
wcscmp
wcscpy
_wsplitpath
_wmakepath
_i64tow
swprintf
__CxxFrameHandler
_wtoi64
_i64toa
_snprintf
_wtoi

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
?endl@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@1@AAV21@@Z

advapi32

FreeSid
AllocateAndInitializeSid
OpenEventLogW
CloseEventLog
ReportEventW

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e53a1f1b768d13c123a853e84e12149

Headers

File Characteristics

Imports

kernel32

mfc42u

msvcrt

msvcp60

advapi32

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 160B

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 160B