6f11dad27bed8ca3238daccf5ac8ae8bbdb7cce55bbd27670ded99f5ca5500ef

Sharing

Copy URL

Twitter E-mail

General

Target

6f11dad27bed8ca3238daccf5ac8ae8bbdb7cce55bbd27670ded99f5ca5500ef
Size

921KB
MD5

d373bfd5df4684271b2811937154c4c5
SHA1

5ad3c0e44b045f8c0588724cd5cdfbd8c74bafc0
SHA256

6f11dad27bed8ca3238daccf5ac8ae8bbdb7cce55bbd27670ded99f5ca5500ef
SHA512

6726a0c6c6c0777b2c69549af906d048fbe8947c7f885c94a40a0ce887c126ebb109efb7004e850596dd0e25a5bfbf39b7315f59a17f9aba049e5c847b64ebf5
SSDEEP

24576:8SZj8yuaA7kHfa0dnFU17R43AUwhoS4fXH7+UBha:Zj8Kfa096rOXwWfXH7nha

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f11dad27bed8ca3238daccf5ac8ae8bbdb7cce55bbd27670ded99f5ca5500ef

Files

6f11dad27bed8ca3238daccf5ac8ae8bbdb7cce55bbd27670ded99f5ca5500ef
.exe windows:5 windows x86

d6ea05433b238673485afe899023b339

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
QueueUserAPC
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
FormatMessageA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SleepEx
CreateEventW
SetWaitableTimer
VerifyVersionInfoA
LockResource
OpenProcess
GetCurrentProcess
GetCurrentProcessId
ExitProcess
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentThread
SetThreadPriority
LoadResource
SizeofResource
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetModuleFileNameA
GetModuleHandleA
FindResourceA
SetCurrentDirectoryA
GetLastError
CreateFileA
SetPriorityClass
K32EnumProcesses
K32GetModuleFileNameExA
InterlockedDecrement
CreateWaitableTimerA
MultiByteToWideChar
WideCharToMultiByte
ReadFile
CreatePipe
CreateProcessA
GetStartupInfoA
SetEndOfFile
HeapSize
WriteConsoleW
GetProcessHeap
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
HeapReAlloc
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
HeapFree
HeapAlloc
GetACP
TerminateThread
GetCurrentThreadId
LocalFree
InterlockedCompareExchange
InterlockedExchangeAdd
GetCurrentDirectoryA
InterlockedExchange
WriteFile
GetStdHandle
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitThread
RtlUnwind
RaiseException
LoadLibraryW
InterlockedIncrement
Sleep
VerSetConditionMask
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
FormatMessageW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
RemoveDirectoryW
AreFileApisANSI
GetModuleHandleW
GetProcAddress
CopyFileW
TryEnterCriticalSection
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
ResetEvent

user32

SetLayeredWindowAttributes
SetTimer
KillTimer
CreatePopupMenu
AppendMenuA
TrackPopupMenu
DrawTextA
ShowWindow
SetForegroundWindow
BeginPaint
EndPaint
InvalidateRect
GetClientRect
MessageBoxA
GetCursorPos
GetSysColorBrush
LoadCursorA
SystemParametersInfoA
CreateWindowExA
RegisterClassA
PostQuitMessage
DefWindowProcA
PostMessageA
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
RegisterWindowMessageA

gdi32

SetBkMode
SelectObject
DeleteDC
CreateCompatibleDC
CreateBitmap
SetTextColor

shell32

SHChangeNotify
SHGetFolderPathA
Shell_NotifyIconA
ShellExecuteExA
ExtractIconA
ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

advapi32

OpenProcessToken
GetTokenInformation

ws2_32

htons
ntohl
ntohs
closesocket
htonl
WSARecv
connect
ioctlsocket
getsockopt
select
setsockopt
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
bind
WSASend
WSASocketW
getaddrinfo
freeaddrinfo
__WSAFDIsSet
accept
getpeername
getsockname
inet_addr
listen
WSAIoctl
WSAAddressToStringW
WSAStringToAddressW

mswsock

GetAcceptExSockaddrs
AcceptEx

msimg32

AlphaBlend

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6ea05433b238673485afe899023b339

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

advapi32

ws2_32

mswsock

msimg32

dbghelp

Sections

.text Size: 675KB - Virtual size: 675KB

.rdata Size: 156KB - Virtual size: 155KB

.data Size: 23KB - Virtual size: 44KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 675KB - Virtual size: 675KB

.rdata
Size: 156KB - Virtual size: 155KB

.data
Size: 23KB - Virtual size: 44KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 39KB - Virtual size: 39KB