1eff21ae9ea4ad830ea0f7ad83552180N

Sharing

Copy URL Twitter E-mail

General

Target

1eff21ae9ea4ad830ea0f7ad83552180N
Size

134KB
MD5

1eff21ae9ea4ad830ea0f7ad83552180
SHA1

3d70ad8c7bf9c05bc30b2f9b23fd9ec05784410f
SHA256

f3278c36c733d6e05154f8f93f74a8cc9e81dcfcf1c4e0eb8f175ea3204a3a32
SHA512

760db28510a753423f1dc6a0585310200ddc7d2d617befcb5fcb333e1cbf6b5eba607859628f7e9c83697d55c96a3983b46b0b0ae2fd03af2c8ee4052e5c1cc9
SSDEEP

3072:WlWHLzlGgauiPEcQn6jpaBxKqQ4PlJlsWFakUgqpn2vw:W0HLAgNisH68dvkPRnqw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1eff21ae9ea4ad830ea0f7ad83552180N

Files

1eff21ae9ea4ad830ea0f7ad83552180N
.exe windows:4 windows x86 arch:x86

1b4388e08549223eedf0668aca7ba065

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\XLStartKankan\Release\XLStartKankan.pdb

Imports

kernel32

GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcess
MoveFileA
DeleteFileA
GetModuleFileNameA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualFreeEx
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
GetThreadLocale
VirtualAllocEx
OpenProcess
CloseHandle
GetModuleHandleA
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
GetLastError
FlushFileBuffers
SetStdHandle
SetFilePointer
GetSystemInfo
GetLocaleInfoA
GetACP
WriteProcessMemory
InterlockedExchange
VirtualProtect
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapFree
ExitProcess
RtlUnwind
GetCommandLineA
HeapAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
VirtualQuery
GetOEMCP
GetCPInfo
LCMapStringA
WideCharToMultiByte
LCMapStringW
TerminateProcess
HeapSize
WriteFile
GetStdHandle
UnhandledExceptionFilter

user32

FindWindowA
SendMessageTimeoutA
RegisterWindowMessageA
FindWindowExA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
SysFreeString

shlwapi

PathAppendA
PathFindFileNameA
PathFileExistsA
PathRemoveFileSpecA

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1b4388e08549223eedf0668aca7ba065

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 76KB - Virtual size: 76KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 76KB - Virtual size: 76KB