edd6d96d946ff9a7dd212193b9b6c391859522ff8314d22758b64dec0c4744f6

Sharing

Copy URL Twitter E-mail

General

Target

edd6d96d946ff9a7dd212193b9b6c391859522ff8314d22758b64dec0c4744f6
Size

392KB
MD5

6647fd34f02c0d5bf510c8661cd99da6
SHA1

ee4e892a7b861fb989e284b3eaebaa60e35aab36
SHA256

edd6d96d946ff9a7dd212193b9b6c391859522ff8314d22758b64dec0c4744f6
SHA512

c67ec1296219021b2af52332ac8c62f4d6a18906f32aeede714c2f99003c99afcb025690933b5503f63819a4dea9659392459f157fc844db3b5efedf026e2998
SSDEEP

6144:L+gIfxU2JsZbOeX469fAViAcdHXeT/1QQytS6HkagmhK3eu3wnLYAdbtDny6Qza5:axsdO569fom+QQytrHY3eKILyFza5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
edd6d96d946ff9a7dd212193b9b6c391859522ff8314d22758b64dec0c4744f6

Files

edd6d96d946ff9a7dd212193b9b6c391859522ff8314d22758b64dec0c4744f6
.exe windows:6 windows x86

9f2869a9278529d16cee6a701b2c0c0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
GetLocalTime
ReadDirectoryChangesW
DeleteCriticalSection
lstrcmpW
Process32First
GetCurrentProcess
GetModuleFileNameW
OpenProcess
CreateToolhelp32Snapshot
K32GetModuleFileNameExA
GetCurrentThread
LoadLibraryA
Process32Next
GetProcAddress
GetFileSize
GetComputerNameW
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetModuleFileNameA
GetCommandLineW
K32EnumProcesses
GetCurrentProcessId
CreateProcessA
IsWow64Process
GlobalFree
CreateNamedPipeA
DisconnectNamedPipe
ResetEvent
GetOverlappedResult
GetTickCount
ConnectNamedPipe
FlushFileBuffers
K32GetProcessImageFileNameW
ProcessIdToSessionId
Process32NextW
Process32FirstW
GetLogicalDriveStringsA
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
GetConsoleOutputCP
GetConsoleCP
SetConsoleWindowInfo
CreateFileW
GetConsoleDisplayMode
ReadConsoleOutputW
FreeConsole
WriteConsoleInputW
GetConsoleWindow
AllocConsole
GenerateConsoleCtrlEvent
SetEvent
LocalLock
LocalAlloc
PostQueuedCompletionStatus
LocalReAlloc
LocalUnlock
QueueUserAPC
GetCurrentThreadId
CreateEventW
CreateIoCompletionPort
QueryPerformanceFrequency
QueryPerformanceCounter
GetQueuedCompletionStatus
TerminateThread
GetSystemInfo
WriteConsoleW
SetEndOfFile
HeapSize
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
CompareStringW
SetFilePointer
GetLastError
InitializeCriticalSection
lstrcmpiW
GetDiskFreeSpaceExA
lstrcmpiA
FileTimeToSystemTime
FindClose
CreateFileA
QueryDosDeviceA
GetDriveTypeA
FindNextFileW
FindFirstFileW
CreateDirectoryW
GetProcessId
ExitProcess
CreateThread
GetTempPathA
CreateMutexA
ExpandEnvironmentStringsA
WideCharToMultiByte
CreateProcessW
Wow64RevertWow64FsRedirection
Sleep
MultiByteToWideChar
PeekNamedPipe
GetEnvironmentVariableW
CreatePipe
TerminateProcess
Wow64DisableWow64FsRedirection
WriteFile
SetHandleInformation
GetOEMCP
ReadFile
CreateEventA
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
GetConsoleMode
GetFileType
ReadConsoleW
GetFileAttributesExW
GetExitCodeProcess
SetFilePointerEx
HeapReAlloc
HeapAlloc
HeapFree
GetModuleHandleExW
GetStdHandle
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
RaiseException
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer

user32

GetWindowTextW
SetWindowsHookExW
TranslateMessage
GetForegroundWindow
SetTimer
DispatchMessageW
GetAsyncKeyState
CallNextHookEx
CreateWindowExW
GetKeyState
GetMessageW
wsprintfA
ReleaseDC
GetDesktopWindow
GetWindowDC
GetSystemMetrics
ShowWindow
wsprintfW

gdi32

BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
DeleteDC

advapi32

OpenSCManagerA
GetUserNameA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RevertToSelf
ImpersonateLoggedOnUser
CreateProcessAsUserA
DuplicateTokenEx
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateServiceA
CloseServiceHandle
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
DeleteService
StartServiceA
RegSetValueExA
OpenProcessToken
GetUserNameW
ChangeServiceConfig2A
LookupAccountSidW
OpenServiceA
GetTokenInformation
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA

shell32

ShellExecuteA
ShellExecuteW
SHFileOperationW
SHFileOperationA
CommandLineToArgvW
SHCreateDirectoryExA

shlwapi

PathCombineA
StrToIntW
PathRemoveFileSpecA
StrToIntA

ws2_32

ntohl
WSASendTo
WSASocketA
WSARecvFrom
getsockname
recv
WSAStartup
WSAIoctl
gethostbyname
send
socket
WSAGetLastError
WSAGetOverlappedResult
WSARecv
WSASend
closesocket
htons
htonl
ntohs
setsockopt
gethostname
inet_ntoa
WSACleanup
connect
bind

Sections

.text
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f2869a9278529d16cee6a701b2c0c0c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ws2_32

Sections

.text Size: 298KB - Virtual size: 297KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 7KB - Virtual size: 87KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 298KB - Virtual size: 297KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 7KB - Virtual size: 87KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB