Sample
6bd33ee17254fbbde3b63dd36a8e0c9f0d206fa33b19bbafa3850328038d3dff.exe
Resource
win7-20231020-en
General
-
Target
6bd33ee17254fbbde3b63dd36a8e0c9f0d206fa33b19bbafa3850328038d3dff
-
Size
994KB
-
MD5
59aa24a3a0111990015b4136676c170c
-
SHA1
c9792633017dc3adf1e5098695ff0c3017f1b808
-
SHA256
6bd33ee17254fbbde3b63dd36a8e0c9f0d206fa33b19bbafa3850328038d3dff
-
SHA512
20371949452f1922b113ef77620321286a0b9eb308dc22444121cb273f20b21cafe04e7cb6fd259bed91346bfaebc6fea9de29d4abfb3b64daa6074193432b14
-
SSDEEP
12288:bpmIBbbPIcGTsIj0mM/MH9WY23RDuK7aFvlJhZ/U2SpAgh:bp1B39GTssaMN2hOJheU8
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6bd33ee17254fbbde3b63dd36a8e0c9f0d206fa33b19bbafa3850328038d3dff
Files
-
6bd33ee17254fbbde3b63dd36a8e0c9f0d206fa33b19bbafa3850328038d3dff.exe windows:5 windows x64
c62e133854a22e69491142b771732564
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetFileAttributesA
SetFileTime
WriteFile
CreateDirectoryA
LocalFileTimeToFileTime
lstrcpyA
lstrlenA
WideCharToMultiByte
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetProcAddress
FreeLibrary
SetLastError
GetLastError
GetTickCount
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
WaitForSingleObject
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetModuleHandleW
ExitProcess
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
LCMapStringW
GetCPInfo
HeapReAlloc
ExitThread
GetCurrentThreadId
CreateThread
GetCurrentProcessId
lstrcatA
FileTimeToLocalFileTime
GetFileInformationByHandle
FindClose
GetDriveTypeA
FindFirstFileExA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LoadLibraryW
GetLocaleInfoW
GetModuleFileNameW
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoW
FlushFileBuffers
HeapSetInformation
GetVersion
HeapCreate
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryW
WriteConsoleW
CreateFileW
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
SetEndOfFile
GetProcessHeap
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileA
SetFilePointer
FreeConsole
FileTimeToSystemTime
DeleteFileA
user32
wsprintfA
shell32
ShellExecuteA
advapi32
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptImportKey
CryptEncrypt
wldap32
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord41
ord26
ord50
ord60
ord143
ord211
ord22
ord46
ord30
ws2_32
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
WSAStartup
WSACleanup
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
freeaddrinfo
getaddrinfo
sendto
recvfrom
accept
listen
ioctlsocket
gethostname
htonl
ntohl
send
recv
crypt32
CertFreeCertificateContext
Sections
.text Size: 487KB - Virtual size: 486KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 113KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 356KB - Virtual size: 356KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ