6dcce825c476e5329299ac78c8d10e5f01a4ca034d3c1474d54f2fdf74457df5

Sharing

Copy URL Twitter E-mail

General

Target

6dcce825c476e5329299ac78c8d10e5f01a4ca034d3c1474d54f2fdf74457df5
Size

1.2MB
MD5

03d5a0d3f0b25b77b4fc17ed52345083
SHA1

bb4f6515c51daed125a20ce0a6520603cd745087
SHA256

6dcce825c476e5329299ac78c8d10e5f01a4ca034d3c1474d54f2fdf74457df5
SHA512

15bf516fbb4451a6637538b8fb281c2381a720c37fa05ee9992091b98e5f4477395891d531aa1b5147080f1136528802c8c0dbfe26315f3d707a1edda8085271
SSDEEP

24576:sodLs/HI52UTJes5OGLEh2UwlZI1ncWB4fGHTL9EB:sodwaRF75GoI1ncJfGHTJEB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6dcce825c476e5329299ac78c8d10e5f01a4ca034d3c1474d54f2fdf74457df5

Files

6dcce825c476e5329299ac78c8d10e5f01a4ca034d3c1474d54f2fdf74457df5
.dll windows x86

a00d1d5227ca74e2e83b6639d408cf4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
GetCurrentProcess
OpenProcess
TerminateProcess
GetLocaleInfoA
GetDateFormatA
GetTimeFormatA
LocalAlloc
LocalFree
LocalSize
CreateWaitableTimerA
SetWaitableTimer
lstrcpynA
QueryDosDeviceW
GetTickCount
lstrlenA
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
WaitForSingleObject
CloseHandle
GetStartupInfoA
GetPrivateProfileStringA
GetUserDefaultLCID
WriteFile
CreateFileA
WritePrivateProfileStringA
Sleep
ReadFile
GetFileSize
GetLocalTime
CreateDirectoryA
DeleteFileA
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
LCMapStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Process32First
CreateToolhelp32Snapshot
GlobalFree
RtlMoveMemory
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
FindClose
FindFirstFileW
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
CreateProcessA
lstrcpyn

user32

MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
MessageBeep
GetSystemMetrics
GetDoubleClickTime
GetDesktopWindow
GetDC
CloseClipboard
mouse_event
SetCursorPos
FindWindowExA
SendMessageA
ExitWindowsEx
EnumChildWindows
GetClassNameA
MsgWaitForMultipleObjects
ReleaseDC
SetClipboardData
SetForegroundWindow
keybd_event
IsWindowVisible
GetWindowThreadProcessId
GetParent
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
OpenClipboard
EmptyClipboard
ClientToScreen

gdi32

StretchBlt
SetStretchBltMode
SelectObject
GetObjectA
CreateCompatibleDC
GetDIBits
DeleteDC
CreateCompatibleBitmap
DeleteObject

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

ole32

CLSIDFromString
CLSIDFromProgID
CoCreateInstance
GetHGlobalFromStream
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
OleRun

oleaut32

SafeArrayGetElemsize
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantInit
VarR8FromCy
VarR8FromBool
VariantChangeType
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
VariantCopy
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
VariantTimeToSystemTime
SafeArrayGetUBound

gdiplus

GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipSaveImageToStream
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream

psapi

GetProcessImageFileNameW

winhttp

WinHttpCheckPlatform
WinHttpCrackUrl
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCloseHandle

odbc32

ord9
ord55
ord36
ord32
ord75
ord41
ord31
ord11
ord20
ord19
ord72
ord12
ord76
ord30
ord43
ord8
ord18
ord39
ord29
ord24

msvcrt

realloc
strrchr
strncmp
strncpy
atof
__CxxFrameHandler
strtod
floor
_ftol
atoi
_CIfmod
malloc
free
memmove
modf
sprintf
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
_stricmp

shlwapi

PathFileExistsA

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 916KB - Virtual size: 976KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a00d1d5227ca74e2e83b6639d408cf4c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

gdiplus

psapi

winhttp

odbc32

msvcrt

shlwapi

Sections

.text Size: 260KB - Virtual size: 259KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 916KB - Virtual size: 976KB

.rsrc Size: 4KB - Virtual size: 688B

.data Size: 16KB - Virtual size: 13KB

.text
Size: 260KB - Virtual size: 259KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 916KB - Virtual size: 976KB

.rsrc
Size: 4KB - Virtual size: 688B

.data
Size: 16KB - Virtual size: 13KB