6b9606a001294818dbe016e33ebd4a5d426fb9ba478f5e9d0f7d62666865a317

Sharing

Copy URL Twitter E-mail

General

Target

6b9606a001294818dbe016e33ebd4a5d426fb9ba478f5e9d0f7d62666865a317
Size

2.7MB
MD5

0862e5fa7189ba5b42274be3801ab563
SHA1

043d196608b9eaf3805b9eef43268fe6881f8082
SHA256

6b9606a001294818dbe016e33ebd4a5d426fb9ba478f5e9d0f7d62666865a317
SHA512

efbb6e22306df6304d4743de99878be10b0d6b9783b5f7c0860cb95a6080aaef2ec52185b9207fbc3e0627954aaf9ef47a6081a5851875a815f487574fc089fb
SSDEEP

49152:JFP7ESwQcQQAgtZFwbZC0rHiiVpWl7AWkj1gXWwOX8x7N6ayKOV:j7ETRP6bbrCirP6XWwOXc74ayfV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b9606a001294818dbe016e33ebd4a5d426fb9ba478f5e9d0f7d62666865a317

Files

6b9606a001294818dbe016e33ebd4a5d426fb9ba478f5e9d0f7d62666865a317
.exe windows:5 windows x86

32f63bfd90a8155a7fac23279ae728ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

imagehlp

StackWalk

shlwapi

SHDeleteKeyA

ws2_32

inet_ntoa

version

GetFileVersionInfoSizeA

d3d9

Direct3DCreate9

stlport.5.0

?_S_next_size@?$_Stl_prime@_N@priv@stlp_std@@SAII@Z

mfc80

ord3931

msvcr80

fprintf

kernel32

GetVersionExA
LoadLibraryA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA

user32

GetClientRect
CharUpperBuffW

gdi32

GetObjectA

advapi32

RegOpenKeyExA
RegCloseKey
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

ShellExecuteA

comctl32

_TrackMouseEvent

dbghelp

MiniDumpWriteDump

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f63bfd90a8155a7fac23279ae728ab

Headers

File Characteristics

Imports

winmm

imagehlp

shlwapi

ws2_32

version

d3d9

stlport.5.0

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

shell32

comctl32

dbghelp

wtsapi32

Sections

.text Size: - Virtual size: 353KB

.rdata Size: - Virtual size: 83KB

.data Size: - Virtual size: 154KB

.tls Size: 4KB - Virtual size: 9B

.upx0 Size: - Virtual size: 2.7MB

.upx1 Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 4KB - Virtual size: 240B

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: - Virtual size: 353KB

.rdata
Size: - Virtual size: 83KB

.data
Size: - Virtual size: 154KB

.tls
Size: 4KB - Virtual size: 9B

.upx0
Size: - Virtual size: 2.7MB

.upx1
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 4KB - Virtual size: 240B

.rsrc
Size: 8KB - Virtual size: 7KB