b1ff1451c947311f7841f5958213d65a5b33423d7bc751202cb1fcd0bc61cfc1

Sharing

Copy URL

Twitter E-mail

General

Target

b1ff1451c947311f7841f5958213d65a5b33423d7bc751202cb1fcd0bc61cfc1
Size

226KB
MD5

f61c7b1a264cec5ccdf9df00ab136b05
SHA1

3aa84e4727bec8bb3c26c6b0fbdc55c25ddfcdf8
SHA256

b1ff1451c947311f7841f5958213d65a5b33423d7bc751202cb1fcd0bc61cfc1
SHA512

e8e29bb4118e061f49d0d27c178e3d01edf880fdf18fd39f9341e499196e0929cc4845578742d7da5ba4fd42d72487fa81fe826e3b2b746910d4698b9929f10a
SSDEEP

3072:HybKG/Rtu5I0f9fy/XZ8ptYKA1gyJ/7sz+X7iAVCXopM5gYK:HkRtu5nfmOpCXT/hUQIi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

b1ff1451c947311f7841f5958213d65a5b33423d7bc751202cb1fcd0bc61cfc1

resource
b1ff1451c947311f7841f5958213d65a5b33423d7bc751202cb1fcd0bc61cfc1

Files

b1ff1451c947311f7841f5958213d65a5b33423d7bc751202cb1fcd0bc61cfc1
.exe windows:5 windows x86 arch:x86

cc8544457f715a34dc50ce2ce59c3fdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadStringPtrW
TlsGetValue
OpenJobObjectA
CreateDirectoryW
InterlockedCompareExchange
CreateHardLinkA
GetSystemDefaultLCID
GetWindowsDirectoryA
EnumResourceTypesA
GlobalFindAtomA
LoadLibraryW
GetConsoleAliasW
IsBadWritePtr
GetLastError
SetLastError
FindResourceA
SetFileAttributesA
GetDiskFreeSpaceW
LoadLibraryA
LocalAlloc
GlobalHandle
GetOEMCP
FindFirstVolumeMountPointA
LoadLibraryExA
OpenFileMappingA
CommConfigDialogW
SetStdHandle
GetComputerNameA
GetProcAddress
GetSystemDefaultLangID
MultiByteToWideChar
DecodePointer
EncodePointer
HeapReAlloc
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
IsValidCodePage
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
HeapFree
HeapAlloc
WriteFile
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
LCMapStringW
GetStringTypeW
RtlUnwind
HeapSize
RaiseException
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleW
CreateFileW

user32

GetCaretPos
CloseWindow
GetKeyboardLayoutNameA
DdeCmpStringHandles

advapi32

ClearEventLogA
BackupEventLogW

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc8544457f715a34dc50ce2ce59c3fdc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 135KB - Virtual size: 135KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 45KB - Virtual size: 76KB

.rsrc Size: 25KB - Virtual size: 24KB

.text
Size: 135KB - Virtual size: 135KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 45KB - Virtual size: 76KB

.rsrc
Size: 25KB - Virtual size: 24KB