1bfef7e99221a4583a8333bcd1dcd796290d379f920348facf63709a94aba74bN

Sharing

Copy URL Twitter E-mail

General

Target

1bfef7e99221a4583a8333bcd1dcd796290d379f920348facf63709a94aba74bN
Size

316KB
MD5

f7856fc99b05d6f55c9763caf8886280
SHA1

b76403d5dd708c8c8e6847675e89cffc394a08ae
SHA256

1bfef7e99221a4583a8333bcd1dcd796290d379f920348facf63709a94aba74b
SHA512

77a5ca25448fa97d3cfd3f1292122229b19390d48688c3fd2fa08a975005697b1dec0859c24ccf2d166151f307aa73f284ea8cad77bf355e16aa06f18b96e27c
SSDEEP

6144:QgMdxELT74WguP7eJ85VlGerWGFSb8p6M3CxQuYZTbPQnodj519ZEA:QgKxEv741uPCc+Gob8VZvPLD5EA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bfef7e99221a4583a8333bcd1dcd796290d379f920348facf63709a94aba74bN

Files

1bfef7e99221a4583a8333bcd1dcd796290d379f920348facf63709a94aba74bN
.exe windows:4 windows x86 arch:x86

fe4ab11e3273c82943f97651c423d004

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetAtomNameA
GetEnvironmentVariableA
GetVersion
GetModuleHandleW
Sleep
SetCommMask
lstrcmpA
ExitProcess
GetLongPathNameW
ExpandEnvironmentStringsW
SetSystemTime
GetModuleHandleA
GetCurrentThread
GetProcessAffinityMask
GetCurrentProcess
VirtualAlloc
WideCharToMultiByte
GetTempPathW
GetProcessHeap
GetLastError
SetThreadAffinityMask
GetCurrentThreadId
GetACP
Process32FirstW
Module32First
GetCommandLineA
GetModuleFileNameA
GetCurrentProcessId
OpenFileMappingA
GetCommandLineW
SetConsoleCP

iashlpr

ShutdownIas
DoRequest
AllocateAttributes
MemFreeIas
FreeAttributes

msvcrt

_setjmp
_lseeki64
iswcntrl
__p__iob
fgetpos
??0exception@@QAE@XZ
_execl
__p__osver
_wpopen
_access
rand
towlower
_chdir
exit

user32

ShowOwnedPopups
CharToOemA
WaitMessage
GetDC
GetMessageTime
GrayStringW
GetWindowTextA
DialogBoxIndirectParamAorW
GetSystemMetrics
PrivateExtractIconsW

msi

ord173
ord145
ord32
ord121
ord51
ord92
ord66
ord19
ord17
ord175
ord228
ord103
ord81

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textbs
Size: 155KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 134KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe4ab11e3273c82943f97651c423d004

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

iashlpr

msvcrt

user32

msi

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 33KB

.textbs Size: 155KB - Virtual size: 225KB

DATA Size: 134KB - Virtual size: 209KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 33KB

.textbs
Size: 155KB - Virtual size: 225KB

DATA
Size: 134KB - Virtual size: 209KB

.rsrc
Size: 18KB - Virtual size: 17KB