6fb5f77cf4da3da1157066f701ef4946d15ad16642ca2ff9b2bf4d86d15230c5

Sharing

Copy URL

Twitter E-mail

General

Target

6fb5f77cf4da3da1157066f701ef4946d15ad16642ca2ff9b2bf4d86d15230c5
Size

46KB
MD5

3376534c8eb5db961c49883015ac868c
SHA1

86c4761f12145fe681eed5cd7bfd721bd9e624f0
SHA256

6fb5f77cf4da3da1157066f701ef4946d15ad16642ca2ff9b2bf4d86d15230c5
SHA512

3f1841f1e68e2f6647c471a2d647f8c0b793dcc46f38f57bb6e226881e67757ff703db5f42ec5c5be9c3a96b5d55c70d3fba0efffc238ba3e901469d6ff3e231
SSDEEP

768:N1qu47b4gc5h0ZV9rcBR+0hlPYr4neXSifRawuLltJc5iV6TJUPp7:H47b3c5y/rcBshrDCifRa1xty5PJ67

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fb5f77cf4da3da1157066f701ef4946d15ad16642ca2ff9b2bf4d86d15230c5

Files

6fb5f77cf4da3da1157066f701ef4946d15ad16642ca2ff9b2bf4d86d15230c5
.exe windows:5 windows x86

2bc016535b0fe864affce6d9044f1639

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit

advapi32

RegCloseKey
OpenProcessToken
GetUserNameW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RevertToSelf
CreateProcessAsUserW
ImpersonateLoggedOnUser

kernel32

WritePrivateProfileStringW
FreeLibrary
GetProcAddress
GetTickCount
CloseHandle
GetExitCodeProcess
SetProcessWorkingSetSize
lstrcmpiW
OpenProcess
HeapFree
GetProcessHeap
LoadLibraryW
lstrlenW
SetCurrentDirectoryW
Sleep
CreateThread
GetCurrentThreadId
DeviceIoControl
LoadLibraryExA
SetEvent
MapViewOfFile
ExitProcess
GetModuleHandleA
lstrlenA
WaitForSingleObject
LockResource
LoadResource
LocalFree
LocalAlloc
GetLastError
CreateEventA
OpenEventA
GetNumberFormatA
GetLocaleInfoA
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetCurrentProcessId
UnmapViewOfFile
SearchPathW
OpenFileMappingW
OpenEventW
lstrcpynW
GetProfileStringW
lstrcmpW
lstrcatW
LoadLibraryExW
GetVersionExW
GetTimeFormatW
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
GetStringTypeExW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleHandleW
GetModuleFileNameW
GetFileAttributesW
lstrcpyW
GetDateFormatW
FindResourceExW
ExpandEnvironmentStringsW
DeleteFileW
CreateProcessW
CreateMutexW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
GetVersionExA

gdi32

DeleteObject

user32

EnumThreadWindows
GetWindowThreadProcessId
DestroyMenu
GetMenuItemCount
GetSubMenu
wsprintfA
LoadCursorW
LoadIconW
LoadImageW
LoadMenuW
IsDialogMessageW
LoadStringW
PeekMessageW
PostMessageW
PostThreadMessageW
RegisterClassExW
RegisterWindowMessageW
SendDlgItemMessageW
SendMessageW
SetDlgItemTextW
SetWindowLongW
SetWindowTextW
UnregisterClassW
WinHelpW
wsprintfW
wvsprintfW
SendMessageA
GetParent
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
RegisterWindowMessageA
PostMessageA
MessageBoxW
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
ScreenToClient
ChildWindowFromPointEx
GetDlgCtrlID
MsgWaitForMultipleObjects
TranslateMessage
IsWindow
IsWindowVisible
GetWindowRect
SystemParametersInfoA
SetWindowPos
GetCursorPos
DestroyWindow
SetMenuDefaultItem
TrackPopupMenu
ShowWindow
EnableWindow
GetLastActivePopup
SetForegroundWindow
EndDialog
InsertMenuW
GetWindowTextLengthW
GetWindowTextW
GetWindowLongW
GetMessageW
GetDlgItemTextW
GetClassLongW
FindWindowExW
DispatchMessageW
DialogBoxParamW
DefWindowProcW
CreateWindowExW
CreateDialogParamW
CharUpperW
CharNextW
CharPrevW
CharLowerW
PostQuitMessage
CallWindowProcW

cmutil

CmAtolA
CmIsDigitA
ReleaseBold
CmFmtMsgA
MakeBold
UpdateFont
GetOSBuildNumber
CmWinHelp
CmLoadStringW
CmStrCatAllocW
??0CmLogFile@@QAE@XZ
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
CmStrCpyAllocW
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
?SetParams@CmLogFile@@QAEJHKPBG@Z
?Start@CmLogFile@@QAEJH@Z
?Stop@CmLogFile@@QAEJXZ
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
CmFmtMsgW
?GPPI@CIniW@@QBEKPBG0K@Z
?DeInit@CmLogFile@@QAEJXZ
??1CIniW@@QAE@XZ
??1CmLogFile@@QAE@XZ
CmLoadIconW
CmLoadSmallIconW
CmParsePathW
IsLogonAsSystem
?GPPB@CIniW@@QBEHPBG0H@Z
?Clear@CIniW@@QAEXXZ
?SetHInst@CIniW@@QAEXPAUHINSTANCE__@@@Z
?SetFile@CIniW@@QAEXPBG@Z
?GPPS@CIniW@@QBEPAGPBG00@Z
?GetFile@CIniW@@QBEPBGXZ
CmBuildFullPathFromRelativeW
?SetPrimaryFile@CIniW@@QAEXPBG@Z
SzToWz
GetOSMajorVersion
CmMalloc
CmFree
GetOSVersion

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2bc016535b0fe864affce6d9044f1639

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

user32

cmutil

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 512B - Virtual size: 400B

.rsrc Size: 14KB - Virtual size: 33KB

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 400B

.rsrc
Size: 14KB - Virtual size: 33KB