6b8f5e1a7812b33c0c4fc01dc38ab4f38f751c85b4c27756b10eff4e580be9e2

Sharing

Copy URL

Twitter E-mail

General

Target

6b8f5e1a7812b33c0c4fc01dc38ab4f38f751c85b4c27756b10eff4e580be9e2
Size

380KB
MD5

2bb94de1c52ab05bce710ebf9cdde616
SHA1

1885a417d8949ee537d41e64d96f0ec32764e250
SHA256

6b8f5e1a7812b33c0c4fc01dc38ab4f38f751c85b4c27756b10eff4e580be9e2
SHA512

a668a3754b4476649d8a0e52d2441899df87bd7122a2efb36bcb88a3e44b1c8699bd281a5ad2c19b0fe4e38a35974f7954c70411b4e4668cefe8f2f2d39e8736
SSDEEP

3072:vZVPvDMr/nDJKJ721P7I/gH71wUBJFcx39igHgjtakKRDxVH97lTB:vZ1QLDYMjIYb1lftjtNSx59x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b8f5e1a7812b33c0c4fc01dc38ab4f38f751c85b4c27756b10eff4e580be9e2

Files

6b8f5e1a7812b33c0c4fc01dc38ab4f38f751c85b4c27756b10eff4e580be9e2
.exe windows x86

1bfb75ff24c0cf1cbea3e632463ead91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
GetTokenInformation
OpenProcessToken
GetSidSubAuthorityCount
GetSidSubAuthority
IsValidSid
ConvertSidToStringSidW

kernel32

LoadResource
FindResourceExW
LocalFree
LockResource
GetUserDefaultUILanguage
CreateThread
GetExitCodeThread
WaitForSingleObject
Sleep
GetCommandLineW
CreateMutexW
InterlockedIncrement
GetProcAddress
FreeLibrary
InterlockedDecrement
LoadLibraryW
ExpandEnvironmentStringsW
lstrlenW
CloseHandle
UnhandledExceptionFilter
GetCurrentThreadId
lstrcmpW
GetLastError
FormatMessageW
ReadFile
WriteFile
GetCurrentProcess
CreateFileW
CreateProcessW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess

gdi32

GetLayout
SetPixel
GetDeviceCaps
DeleteObject
CreateFontIndirectW
LineDDA
LineTo
MoveToEx
CreatePen
SetBkColor
SetTextColor
SelectObject
ExtTextOutW

user32

SetForegroundWindow
GetLastActivePopup
FindWindowW
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
PostMessageW
SetWindowPos
CreateWindowExW
SystemParametersInfoW
ScreenToClient
DialogBoxIndirectParamW
ReleaseDC
GetDC
PeekMessageW
TranslateMessage
DispatchMessageW
IsWindow
SetDlgItemTextW
FindWindowExW
LoadImageW
GetSysColorBrush
FillRect
GetSysColor
GetMessagePos
CharLowerW
SetTimer
KillTimer
MessageBoxW
GetWindowLongW
SetWindowLongW
InvalidateRect
UpdateWindow
ShowWindow
ReleaseCapture
SetCapture
SetFocus
IsWindowEnabled
ChildWindowFromPointEx
GetWindowRect
PtInRect
LoadCursorW
SetCursor
GetSystemMetrics
CreatePopupMenu
GetWindowTextW
InsertMenuW
ClientToScreen
TrackPopupMenu
DestroyMenu
GetParent
GetDlgItem
SendMessageW
EnableWindow
GetDlgItemTextW
SetWindowTextW
EndDialog
GetClientRect

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_vsnwprintf
memset
__CxxFrameHandler3
_purecall
memcpy
memcpy_s
_XcptFilter
_exit
_cexit
__getmainargs
malloc
_callnewh
free
strstr
wcsstr
_wtoi
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s

imm32

ImmDisableIME

shell32

ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

comctl32

ImageList_Destroy
ImageList_GetImageInfo
ord17
PropertySheetW
ImageList_Draw
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragMove

oleaut32

SysFreeString

ole32

CoUninitialize
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoInitialize

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tcfyctt
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1bfb75ff24c0cf1cbea3e632463ead91

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

imm32

shell32

comdlg32

comctl32

oleaut32

ole32

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 20KB - Virtual size: 24KB

.rsrc Size: 268KB - Virtual size: 267KB

.reloc Size: 31KB - Virtual size: 33KB

tcfyctt Size: - Virtual size: 4KB

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 20KB - Virtual size: 24KB

.rsrc
Size: 268KB - Virtual size: 267KB

.reloc
Size: 31KB - Virtual size: 33KB

tcfyctt
Size: - Virtual size: 4KB