6f83add3a37cf88c7839acf6524155be70dbf1d89a1d6c8a8e97826f3b0a1364

Sharing

Copy URL Twitter E-mail

General

Target

6f83add3a37cf88c7839acf6524155be70dbf1d89a1d6c8a8e97826f3b0a1364
Size

2.0MB
MD5

40c722d6656b6a4f6e40d99e1e31f07e
SHA1

dc1014ac11ca3b8611514c27e2e9e3f0a024e383
SHA256

6f83add3a37cf88c7839acf6524155be70dbf1d89a1d6c8a8e97826f3b0a1364
SHA512

522b4a99edb62134afda9bf02e8317ea3930b22775f95258ac15dec01ac284f9faaeab78bde18682fa8d86741897af0e09b39ebe38f65a59a0e3b206d1ca6664
SSDEEP

49152:ZfT6z9Tk4cDCxg/Mnj4YtZNuYNqHuh5tjgK8BKN0/1p:Zo9Tk4cDMg/Mj5tzuYphcOmT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f83add3a37cf88c7839acf6524155be70dbf1d89a1d6c8a8e97826f3b0a1364

Files

6f83add3a37cf88c7839acf6524155be70dbf1d89a1d6c8a8e97826f3b0a1364
.exe windows x86

ffa6a1a0eac7e6d721e505488432e71d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcessModules

crypt32

CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

advapi32

ImpersonateLoggedOnUser
DuplicateTokenEx
RegQueryValueExA
RegDeleteValueW
RegFlushKey
StartServiceW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RevertToSelf
EqualSid
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetFileSecurityW
GetFileSecurityW
LookupAccountNameW
RegEnumKeyW
RegOpenKeyW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
SHChangeNotify
SHGetFolderPathW

shlwapi

SHGetValueW
SHSetValueW
PathFileExistsW
SHDeleteValueW
SHDeleteKeyW
PathIsDirectoryW

user32

wsprintfA
wsprintfW

kernel32

SleepEx
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
DeviceIoControl
CloseHandle
GetSystemDirectoryW
CreateFileW
FreeLibrary
GetProcAddress
LocalAlloc
LocalFree
GetCurrentProcess
Sleep
LoadLibraryW
GetModuleFileNameW
OutputDebugStringW
GetVersionExW
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
CreateFileMappingA
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
GetVersionExA
GetSystemDirectoryA
LoadLibraryA
CreateFileA
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
WaitForMultipleObjects
InterlockedCompareExchange
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
CreateThread
SetEvent
CreateEventW
WritePrivateProfileStringW
lstrlenW
VirtualAlloc
VirtualFree
OpenProcess
GetLogicalDriveStringsW
GetModuleHandleW
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentDirectoryW
FindFirstFileW
FindNextFileW
lstrcpyW
CreateDirectoryW
CopyFileW
MoveFileExW
GetLocalTime
GetFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
OpenFileMappingW
GetPrivateProfileStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
FindFirstFileA
FindNextFileA
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoW
ReleaseMutex
GetPrivateProfileIntW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetLongPathNameW
GlobalAlloc
GlobalFree
ReadProcessMemory
CreateProcessW
GetVolumeInformationW
SetFileAttributesW
RemoveDirectoryW
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
VirtualProtect
SetLastError
GetNativeSystemInfo
IsBadReadPtr
GetWindowsDirectoryW
SetErrorMode
SetPriorityClass
PeekNamedPipe
GetDiskFreeSpaceW
ExpandEnvironmentStringsW
GetDriveTypeW
WaitForSingleObjectEx
FindClose
FindFirstFileExW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
WriteConsoleW
GetFileType
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
EncodePointer

iphlpapi

GetAdaptersInfo

urlmon

URLDownloadToFileW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

getservbyport
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSASetLastError
gethostbyname
inet_addr
inet_ntoa
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
select
getservbyname
connect
bind
socket
__WSAFDIsSet
WSAStartup
WSACleanup
recv
send
WSAGetLastError
htonl
closesocket
gethostbyaddr

Exports

Exports

AddProtectFile
AddProtectReg
AddTrustProcess
ClearProtectFile
ClearProtectReg
ClearTrustProcess
SHDeleteSelfProtectService
SHGetDumpPath
SHStartSelfProtectService

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 605KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ffa6a1a0eac7e6d721e505488432e71d

Headers

DLL Characteristics

File Characteristics

Imports

psapi

crypt32

advapi32

ole32

shell32

shlwapi

user32

kernel32

iphlpapi

urlmon

version

ws2_32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 187KB - Virtual size: 186KB

.data Size: 9KB - Virtual size: 25KB

.gfids Size: 512B - Virtual size: 432B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 605KB - Virtual size: 608KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 187KB - Virtual size: 186KB

.data
Size: 9KB - Virtual size: 25KB

.gfids
Size: 512B - Virtual size: 432B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 605KB - Virtual size: 608KB