1f8806869616c18cbae9ffcf581c0428915d32fb70119df16d08078d92d1a5e3[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1f8806869616c18cbae9ffcf581c0428915d32fb70119df16d08078d92d1a5e3.exe
Size

177KB
MD5

fd2d00b51e140543cfb5dc7a6e6197ab
SHA1

4f13c3b9602da4c86230df3dda0cd008d0a8a503
SHA256

1f8806869616c18cbae9ffcf581c0428915d32fb70119df16d08078d92d1a5e3
SHA512

5f13d8a1b8ab86f933d93204a11994fc5c6d76225881a055e2952d19e69a36ba6d476ea427524df265726a8c8ecca9e5de95d789ae63d174b530c4779aa515fb
SSDEEP

3072:DGE6xMl7e33J09W88647LgQC3PRYSnNFKh2:C9xA63un8bgXRB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f8806869616c18cbae9ffcf581c0428915d32fb70119df16d08078d92d1a5e3.exe

Files

1f8806869616c18cbae9ffcf581c0428915d32fb70119df16d08078d92d1a5e3.exe
.exe windows:5 windows x86 arch:x86

6b6a58ed6f8692391c8a2472bba4b336

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\HeldBaby\RopePart\Createsurface\upopen\Threealways\Irontest\dealyouReal.pdb

Imports

kernel32

CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
DeleteFileA
GetCurrentProcessId
ReleaseMutex
DuplicateHandle
GetFileTime
GetCurrentDirectoryA
CreateMutexA
FindFirstChangeNotificationA
GetModuleFileNameA
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
OpenMutexA
ResetEvent
VirtualProtectEx
GetEnvironmentVariableA
GetSystemDirectoryA
Sleep
GetWindowsDirectoryA
GetCurrentThread
MoveFileExA
PeekNamedPipe
GetLocaleInfoW
lstrcmpA
HeapSize
CloseHandle
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
WriteFile
ExitProcess
HeapAlloc
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetCPInfo
RaiseException
GetLastError
HeapFree
RtlUnwind
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId

user32

DrawIcon
IsWindowEnabled
GetWindowTextLengthA
GetClassNameA
ClientToScreen
CheckMenuRadioItem
FrameRect
DispatchMessageA
RegisterClassExA
LoadImageA
SystemParametersInfoA

comctl32

_TrackMouseEvent
ImageList_DragLeave
ImageList_BeginDrag
ord17

comdlg32

GetOpenFileNameA
ChooseColorA
GetSaveFileNameA

shlwapi

PathAppendA
SHRegWriteUSValueA
SHRegCloseUSKey
SHRegCreateUSKeyA

crypt32

CertDeleteCertificateFromStore
CertStrToNameA
CertOpenStore
CertAddEncodedCertificateToStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertCreateSelfSignCertificate
CertFreeCertificateContext
CertGetCertificateChain
CertCreateCertificateContext
CryptHashCertificate

pdh

PdhLookupPerfIndexByNameA
PdhSetDefaultRealTimeDataSource
PdhParseCounterPathA
PdhGetRawCounterValue
PdhMakeCounterPathA
PdhSetLogSetRunID
PdhGetDataSourceTimeRangeH
PdhGetFormattedCounterValue
PdhSelectDataSourceA
PdhSetQueryTimeRange
PdhRemoveCounter
PdhGetDefaultPerfCounterHA
PdhGetLogSetGUID
PdhFormatFromRawValue
PdhGetDefaultPerfCounterA
PdhOpenLogA
PdhGetDataSourceTimeRangeA
PdhOpenQueryA
PdhGetCounterTimeBase
PdhReadRawLogRecord
PdhGetRawCounterArrayA
PdhGetDefaultPerfObjectA
PdhGetFormattedCounterArrayA
PdhLookupPerfNameByIndexA
PdhSetCounterScaleFactor
PdhGetDefaultPerfObjectHA
PdhGetDllVersion
PdhGetLogFileSize
PdhOpenQueryH
PdhParseInstanceNameA
PdhGetCounterInfoA

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1012KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b6a58ed6f8692391c8a2472bba4b336

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

comdlg32

shlwapi

crypt32

pdh

Sections

.text Size: 155KB - Virtual size: 154KB

.data Size: 6KB - Virtual size: 1012KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 155KB - Virtual size: 154KB

.data
Size: 6KB - Virtual size: 1012KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 12KB