c6ced925e4633e2d6dd30c976561ade77592ab2139c223abf3970e0affc8c657

Sharing

Copy URL

Twitter E-mail

General

Target

c6ced925e4633e2d6dd30c976561ade77592ab2139c223abf3970e0affc8c657
Size

447KB
MD5

21adac496baa7e9df96398f71e6bc4ce
SHA1

28b6f095f0148371c4faf6887cc5c424d0143b2e
SHA256

c6ced925e4633e2d6dd30c976561ade77592ab2139c223abf3970e0affc8c657
SHA512

f10fd711cef3353c7fc5462b825d76f6cc69b82520d63c58de34638a93c59ff49ba344eea1803fa3f19859c8ebd81280771aa31159f40c8d09ccee15fa9b5fb7
SSDEEP

6144:+OtcOLCjCtJHp0vXr0ezxZoVNuviT59oOzQ69y4ONHddJhlF2TyrMjlrYHn7EZm:+cbLS20v71oV1T5aOzP961b2OrMjmHn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
c6ced925e4633e2d6dd30c976561ade77592ab2139c223abf3970e0affc8c657

Files

c6ced925e4633e2d6dd30c976561ade77592ab2139c223abf3970e0affc8c657
.exe windows x86

c1947b9846baf229e0c776cadd6d408b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathW
AllocConsole
ConvertThreadToFiber
GetConsoleAliasExesLengthA
InterlockedDecrement
GetCurrentProcess
SetComputerNameW
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
EnumCalendarInfoExW
SetFileTime
WaitNamedPipeW
EnumTimeFormatsW
GetCommandLineA
GetVolumePathNameW
GlobalAlloc
GetPrivateProfileIntA
GetSystemDirectoryW
SetFileShortNameW
GetSystemPowerStatus
GetCalendarInfoA
GetFileAttributesA
WriteConsoleW
SetSystemPowerState
TerminateProcess
CompareStringW
FindNextVolumeMountPointW
GetShortPathNameA
EnumSystemLocalesA
GetLastError
GetCurrentDirectoryW
GetProcAddress
MoveFileW
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
OpenThread
GetProcessId
InterlockedExchangeAdd
OpenWaitableTimerW
DeleteTimerQueue
GetNumberFormatW
AddAtomW
SetFileApisToANSI
BeginUpdateResourceA
OpenJobObjectW
GetPrivateProfileStructA
GetModuleHandleA
OpenFileMappingW
GetProcessAffinityMask
FindNextFileW
GetShortPathNameW
SetCalendarInfoA
GetVolumeNameForVolumeMountPointW
DeleteFileW
SetFileAttributesW
MoveFileA
MultiByteToWideChar
HeapSetInformation
GetStartupInfoW
RaiseException
HeapAlloc
HeapFree
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
CloseHandle
ExitProcess
WriteFile
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
RtlUnwind
SetStdHandle
FlushFileBuffers
HeapSize
LoadLibraryW
HeapReAlloc
CreateFileW
DeleteFileA

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 298KB - Virtual size: 23.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.giwem
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1947b9846baf229e0c776cadd6d408b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 79KB - Virtual size: 79KB

.data Size: 298KB - Virtual size: 23.3MB

.giwem Size: 6KB - Virtual size: 5KB

.rsrc Size: 63KB - Virtual size: 62KB

.text
Size: 79KB - Virtual size: 79KB

.data
Size: 298KB - Virtual size: 23.3MB

.giwem
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 63KB - Virtual size: 62KB