6f2ae313eab8674c6a6e4e12278aaf2d1889c98a02cdd2bc5cfbbd3d8a770c9b

Sharing

Copy URL Twitter E-mail

General

Target

6f2ae313eab8674c6a6e4e12278aaf2d1889c98a02cdd2bc5cfbbd3d8a770c9b
Size

231KB
MD5

92e0f9c8df938efa0a8c0f05c650a199
SHA1

000dfdf4a3757d298e27c2bb8be67c0e1c8f6ef6
SHA256

6f2ae313eab8674c6a6e4e12278aaf2d1889c98a02cdd2bc5cfbbd3d8a770c9b
SHA512

b8b22fd1b096572cb312953ec6ffd9f92d9ea7e3200cc1463420df3106333e13f0824f127b1b43baa13b3b8428c59dfa7aef8574aa0e2aa0f5d3d9fb3cf5e481
SSDEEP

6144:Ni3XsZ+0ioC9ciInfmxH7/ebCMQ2LzQtjW1IZ:No0isfWH7/aCf2HQH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f2ae313eab8674c6a6e4e12278aaf2d1889c98a02cdd2bc5cfbbd3d8a770c9b

Files

6f2ae313eab8674c6a6e4e12278aaf2d1889c98a02cdd2bc5cfbbd3d8a770c9b
.exe windows:5 windows x86

c665401d7ac632913a779da04c9fafeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libintlp

libintl_textdomain
libintl_bind_textdomain_codeset
libintl_gettext
libintl_bindtextdomain

kernel32

MulDiv
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
GetModuleHandleW
lstrlenW
InitializeCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
WinExec
WaitForSingleObject
CreateProcessW
GlobalAlloc
GlobalFree
GetVersionExW
GetSystemInfo
GetSystemDefaultLangID
DeleteFileW
TerminateProcess
OpenProcess
Process32NextW
CloseHandle
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
LocalAlloc
FindNextFileW
FindFirstFileW
LocalSize
FormatMessageW
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
FlushInstructionCache
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetDefaultCommConfigW
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointer
HeapCreate
HeapSize
HeapReAlloc
GetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetCPInfo
TlsFree
TlsSetValue
RaiseException
DeleteCriticalSection
GetModuleFileNameA
CreateFileA
GetCurrentThreadId
TlsAlloc
TlsGetValue
ReadFile
GetConsoleMode
GetConsoleCP
WriteFile
GetStartupInfoW
IsDebuggerPresent
SetEndOfFile
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetFileAttributesA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
CommConfigDialogW
SetDefaultCommConfigW
CreateFileW
SetCommState
WideCharToMultiByte
FreeLibrary
GetSystemDirectoryW
GetModuleFileNameW
SetLastError
CopyFileW
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetLastError
GetCurrentProcess
Sleep
GetLocaleInfoW
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetStartupInfoA
GetModuleHandleA

user32

UnregisterClassA
SetWindowLongW
GetDlgItem
SendMessageW
MessageBoxW
wsprintfW
DialogBoxParamW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
ShowWindow
IsDialogMessageW
SetWindowTextW
GetActiveWindow
GetDlgItemInt
SetDlgItemInt
EndDialog
SetForegroundWindow
SendDlgItemMessageW
CharNextW
GetDC
ReleaseDC
CreateDialogParamW
DestroyWindow
DefWindowProcW
PostQuitMessage
GetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
LoadImageW
GetParent
GetWindow
GetWindowRect
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
EnableWindow

gdi32

GetDeviceCaps
DPtoLP
DeleteObject
CreateFontIndirectW

winspool.drv

ord204
AddMonitorW
AddPrinterDriverW
EnumPrintersW
ClosePrinter
AddPrinterW
XcvDataW
AddPortW
GetPrinterDriverDirectoryW
EnumMonitorsW
DeletePrinter
OpenPrinterW
DeleteMonitorW
EnumJobsW
GetPrinterW
SetJobW
EnumPortsW

advapi32

AdjustTokenPrivileges
OpenServiceW
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
StartServiceW
QueryServiceStatus
ControlService
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHFileOperationW

ole32

CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr
VariantClear

shlwapi

StrStrIA
StrStrIW
PathFileExistsW
PathIsDirectoryW

comctl32

InitCommonControlsEx

Exports

Exports

_AddDoubleQuotations3Str@8
_SpoolServiceIsStar@0
_enumLocalPrinters@8
_restartSpooler@0

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c665401d7ac632913a779da04c9fafeb

Headers

DLL Characteristics

File Characteristics

Imports

libintlp

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 7KB - Virtual size: 18KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 7KB - Virtual size: 18KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 10KB - Virtual size: 10KB