6cee6cbd142902af0c735a0b3c9e8dcc48a9ec2d63923dbd493322c0a3586c74

Sharing

Copy URL

Twitter E-mail

General

Target

6cee6cbd142902af0c735a0b3c9e8dcc48a9ec2d63923dbd493322c0a3586c74
Size

3.2MB
MD5

7ea6a6e307f4e878d0eee187e1409ed5
SHA1

7099ac36ce65b28b4648d799a6b69f739b8c9668
SHA256

6cee6cbd142902af0c735a0b3c9e8dcc48a9ec2d63923dbd493322c0a3586c74
SHA512

dd8449cf8f3e6754e1ff6a9a9d06a6a4104f6d56b99e48adf313482a111f479cb2f5129a842ed1e7e794eee3a9e4d96fc2eb31a809d6b535d29fefd8c03f3b35
SSDEEP

49152:4wPyfT5n+FjZCbBUZfAJKaDlSmUJlQ1PEqgYgf2T5dvagKXWZXKa8LFl:4wcTINCbBU1wMlQ1PEqg1c2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6cee6cbd142902af0c735a0b3c9e8dcc48a9ec2d63923dbd493322c0a3586c74

Files

6cee6cbd142902af0c735a0b3c9e8dcc48a9ec2d63923dbd493322c0a3586c74
.exe windows x86

e3a286ea355b8c930e601b15329cc500

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAStartup
ioctlsocket

advapi32

GetSidSubAuthorityCount
RegisterEventSourceA
DeregisterEventSource
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SystemFunction036
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
GetSidSubAuthority
ReportEventA
BuildSecurityDescriptorW
BuildExplicitAccessWithNameW

setupapi

SetupDiEnumDeviceInfo
CM_Get_Device_IDW
SetupDiGetClassDevsW

ole32

CoInitializeEx
CoTaskMemFree
CoRevokeInitializeSpy
CoRegisterInitializeSpy
CoTaskMemAlloc
PropVariantClear
CoUninitialize

propsys

InitPropVariantFromCLSID

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeW

kernel32

GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
IsDBCSLeadByteEx
IsValidCodePage
AreFileApisANSI
CreateDirectoryExW
DeviceIoControl
GetFullPathNameW
FindFirstFileW
CreateWaitableTimerA
GetStringTypeW
CompareStringEx
GetCPInfo
GetStartupInfoW
ReleaseSemaphore
InitializeCriticalSectionEx
InitOnceBeginInitialize
MoveFileW
VirtualProtect
LoadLibraryExA
InitializeSListHead
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetLastError
FormatMessageA
FormatMessageW
WideCharToMultiByte
LocalFree
CreateEventA
SetEvent
GetCurrentThreadId
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueueUserAPC
TerminateThread
TlsAlloc
TlsGetValue
TlsFree
CreateEventW
SleepEx
GetProcessHeap
HeapAlloc
HeapFree
VerSetConditionMask
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
SetWaitableTimer
TlsSetValue
VerifyVersionInfoW
Sleep
GetTickCount
GetVersionExW
VirtualQuery
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryA
CreateFileW
ConnectNamedPipe
CreateNamedPipeW
GetCurrentProcessId
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
DuplicateHandle
GetCurrentProcess
ReadFile
WriteFile
CancelIo
WaitNamedPipeW
GetCommandLineW
LoadLibraryExW
GetCurrentDirectoryW
DeleteFileW
OutputDebugStringA
GetLocalTime
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryW
ResetEvent
AcquireSRWLockExclusive
CreateFileMappingW
MapViewOfFile
TerminateProcess
GetProcessTimes
GetExitCodeProcess
SetPriorityClass
GetPriorityClass
OpenProcess
UnmapViewOfFile
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
GetProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetThreadId
SetInformationJobObject
IsDebuggerPresent
RaiseException
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
IsWow64Process
ProcessIdToSessionId
K32EnumProcessModules
SetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
GetFinalPathNameByHandleW
GetLogicalDriveStringsW
GetLongPathNameW
GetVolumeInformationW
GetVolumePathNameW
QueryDosDeviceW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
GetModuleHandleA
CopyFileW
WaitForMultipleObjectsEx
MoveFileExW
ReplaceFileW
CreateHardLinkW
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryThreadCycleTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
VirtualAlloc
VirtualFree
FlushViewOfFile
GetNativeSystemInfo
GetProductInfo
GetSystemInfo
GetProcessIoCounters
K32GetPerformanceInfo
MultiByteToWideChar
ExpandEnvironmentStringsW
FlushFileBuffers
GetFileInformationByHandle
GetFileSizeEx
LockFileEx
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
UnlockFileEx
FindClose
FindFirstFileExW
FindNextFileW
GetSystemDirectoryW
GetWindowsDirectoryW
GetUserDefaultLangID
UnregisterWaitEx
RegisterWaitForSingleObject
lstrcmpiA
GetModuleHandleExA
HeapSetInformation
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
LoadResource
LockResource
SizeofResource
FindResourceW
CreateThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CloseThreadpool
CallbackMayRunLong
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
WriteProcessMemory
GetStdHandle
GetVersion
GetExitCodeThread
WerRegisterRuntimeExceptionModule
VirtualProtectEx
AddVectoredExceptionHandler
VirtualAllocEx
CreateProcessW
FlushInstructionCache
GetFileType
TryEnterCriticalSection
OutputDebugStringW
SetNamedPipeHandleState
TransactNamedPipe
ReadProcessMemory
VirtualQueryEx
InitializeCriticalSection
GetNamedPipeInfo
GetFileTime
OpenEventA
GetLogicalProcessorInformation
ResumeThread
InitOnceComplete

dbghelp

SymGetLineFromAddr64
SymFunctionTableAccess64
SymGetModuleBase64
StackWalk64
SymSetOptions
SymGetSearchPathW
SymSetSearchPathW
SymFromAddr
SymCleanup
SymInitialize

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_invalid_parameter_noinfo_noreturn
raise
_set_app_type
strerror
_invoke_watson
_seh_filter_exe
_set_new_handler
_beginthreadex
_initterm
_controlfp_s
_cexit
_crt_at_quick_exit
_crt_atexit
_initterm_e
_errno
exit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
abort
__p___argc
_register_thread_local_exe_atexit_callback
_exit
signal
_set_abort_behavior
_seh_filter_dll
_c_exit
_invalid_parameter_noinfo
terminate
__p___argv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
_write
__stdio_common_vsscanf
_set_fmode
__p__commode
_wfsopen
_close
_get_osfhandle
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
_open_osfhandle
_fsopen
__acrt_iob_func
_wfopen
feof
ferror
_setmode
__stdio_common_vsprintf_s
fseek
ftell
_chsize
fopen
__stdio_common_vsprintf
fgets
_fileno

api-ms-win-crt-string-l1-1-0

isdigit
strcspn
wcsnlen
_strnicmp
strcmp
__strncnt
isxdigit
isalpha
islower
isspace
_wcsdup
_wcsicmp
iswspace
isupper
isalnum
_strdup
tolower
strncpy

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-math-l1-1-0

_dclass
_libm_sse2_pow_precise
_fdopen
ldexp
floor
ceil
_CIpow
frexp
__setusermatherr
_except1

api-ms-win-crt-heap-l1-1-0

_aligned_free
_set_new_mode
calloc
_aligned_malloc
realloc
_callnewh
malloc
free

api-ms-win-crt-locale-l1-1-0

___lc_locale_name_func
__pctype_func
setlocale
_unlock_locales
__initialize_lconv_for_unsigned_char
localeconv
___lc_collate_cp_func
_lock_locales
___mb_cur_max_func
___lc_codepage_func
_configthreadlocale

api-ms-win-crt-convert-l1-1-0

strtod
strtof
strtol
atoi
strtoull
strtoll
strtoul

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_wfullpath
_wstat64

api-ms-win-crt-time-l1-1-0

_time64
_W_Gettnames
_Strftime
_Gettnames
_mktime64
_localtime64_s
_Wcsftime
_W_Getmonths
_W_Getdays
_Getmonths
_Getdays
_localtime64

shlwapi

PathMatchSpecW
ord437

user32

TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
PostQuitMessage
MessageBoxA
GetProcessWindowStation
GetQueueStatus
MsgWaitForMultipleObjectsEx
CharUpperW
SetTimer
SetPropW
RemovePropW
SetProcessDPIAware
DefWindowProcW
UnregisterClassW
RegisterClassExW
CreateWindowExW
DestroyWindow
GetWindowLongW
SetWindowLongW
FindWindowExW
GetUserObjectInformationW
GetSystemMetrics
GetThreadDesktop
KillTimer

shell32

SHGetFolderPathW
SHGetKnownFolderPath
CommandLineToArgvW

vcruntime140

__std_exception_copy
__std_terminate
_purecall
_CxxThrowException
__CxxFrameHandler3
memmove
wcsstr
__std_exception_destroy
memset
__std_type_info_compare
__std_type_info_name
memchr
wcschr
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__uncaught_exception
memcmp
memcpy
strchr

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 980KB - Virtual size: 979KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 46KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

minATL
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 173KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e3a286ea355b8c930e601b15329cc500

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

setupapi

ole32

propsys

winmm

version

kernel32

dbghelp

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

shlwapi

user32

shell32

vcruntime140

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 980KB - Virtual size: 979KB

.data Size: 46KB - Virtual size: 62KB

minATL Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 173KB - Virtual size: 176KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 980KB - Virtual size: 979KB

.data
Size: 46KB - Virtual size: 62KB

minATL
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 173KB - Virtual size: 176KB