6ebf0805fb70e2821cf00873531c63ed28239072f1307bc5428dacbbe92ec73f

Sharing

Copy URL

Twitter E-mail

General

Target

6ebf0805fb70e2821cf00873531c63ed28239072f1307bc5428dacbbe92ec73f
Size

986KB
MD5

4fc427f85af03f9c52fa00bab7fe8c76
SHA1

b17f0a027410103036002eec428d7a238f683efb
SHA256

6ebf0805fb70e2821cf00873531c63ed28239072f1307bc5428dacbbe92ec73f
SHA512

c374c6f0e1cdf4338917816b140d061f906b27b9e57f3d0e4a6e9f76b277d409fd31f2405db99d395e8246fa7082945084c2da0f558eac2e11f39a611f1e7886
SSDEEP

12288:q1UMk8qb1neCrQvX4g/QoiiYQ+D9K35cKYGJlOujFq0yPrEg5V28ku:qeMk8qbtUA0/YQ0+cnIlOYyzEsV28Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ebf0805fb70e2821cf00873531c63ed28239072f1307bc5428dacbbe92ec73f

Files

6ebf0805fb70e2821cf00873531c63ed28239072f1307bc5428dacbbe92ec73f
.exe windows:6 windows x64

6d985873098c8d4ecb105cb7f0085b58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

SystemFunction036

kernel32

SwitchToThread
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetCommandLineW
SetLastError
GetModuleFileNameW
GetLastError
HeapFree
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
HeapReAlloc
CloseHandle
TryAcquireSRWLockExclusive
PostQueuedCompletionStatus
WakeConditionVariable
GetStdHandle
GetFileInformationByHandleEx
GetConsoleMode
WakeAllConditionVariable
LeaveCriticalSection
SleepConditionVariableSRW
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
GetEnvironmentVariableW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
WriteFile
WriteConsoleW
TlsAlloc
GetModuleHandleW
FormatMessageW
ReadFile
ReadConsoleW
InitializeCriticalSection
EnterCriticalSection
ExitProcess
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SetHandleInformation
CreateThread
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetHandleInformation
CreateIoCompletionPort
GetQueuedCompletionStatusEx
InitializeSRWLock
DeleteCriticalSection
InitOnceExecuteOnce
GetTickCount64
SetFileCompletionNotificationModes
CreateFileW
SetFilePointerEx
GetFileSizeEx
HeapSize
GetConsoleOutputCP
FlushFileBuffers
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetFileType
GetModuleHandleExW
GetCommandLineA
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW

ws2_32

WSAIoctl
bind
WSACleanup
freeaddrinfo
getaddrinfo
WSAStartup
shutdown
send
closesocket
getsockname
getsockopt
connect
WSASocketW
WSAGetLastError
getpeername
ioctlsocket
recv

Sections

.text
Size: 763KB - Virtual size: 762KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d985873098c8d4ecb105cb7f0085b58

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ws2_32

Sections

.text Size: 763KB - Virtual size: 762KB

.rdata Size: 184KB - Virtual size: 183KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 27KB - Virtual size: 27KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 763KB - Virtual size: 762KB

.rdata
Size: 184KB - Virtual size: 183KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 27KB - Virtual size: 27KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 7KB - Virtual size: 6KB