Static task: static1
Behavioral task: behavioral1
  Sample: b6e651cd6509389950507c07843a027529a46c4faa0190bcc8b6ae293bc33607.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: b6e651cd6509389950507c07843a027529a46c4faa0190bcc8b6ae293bc33607.exe
  Resource: win10v2004-20231025-en
General
- Target: b6e651cd6509389950507c07843a027529a46c4faa0190bcc8b6ae293bc33607
- Size: 10.0MB
- MD5: bc6806ece254f8842d30ad8bbcb69fa5
- SHA1: 057d56a07985387c02a0bd16bc21d4fdbe33d855
- SHA256: b6e651cd6509389950507c07843a027529a46c4faa0190bcc8b6ae293bc33607
- SHA512: 441acce4e337aeb074bb8c3418d2199ea547c424ed455fe855e73cd68d1f318caa3d8b62e1a7bc9179d202d04d3d323d1b0af10689728c50fe39fe9c7392f066
- SSDEEP: 196608:b0GLRObavOBED8/jh1/QrYdPueu3563XFbUCdIc1Q3+yMMh:b0aROmvOBEIjhiqp8kLuc1olMMh
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: b6e651cd6509389950507c07843a027529a46c4faa0190bcc8b6ae293bc33607
Files
- b6e651cd6509389950507c07843a027529a46c4faa0190bcc8b6ae293bc33607.exe (windows:5, windows x86, arch:x86)
  6006faf245645827122208ea0b239734
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
iphlpapi
GetAdaptersInfo
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
kernel32
GetStringTypeW
SetHandleCount
CreateThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetLastError
GetEnvironmentVariableW
GetVersion
GetFileAttributesA
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SetEvent
WaitForMultipleObjects
TerminateThread
SetThreadPriority
GetCurrentThreadId
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToSystemTime
QueryPerformanceFrequency
FileTimeToLocalFileTime
HeapCreate
IsValidCodePage
GetOEMCP
GetLocaleInfoW
GetSystemDirectoryW
WriteConsoleW
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
SleepEx
GetCPInfo
GetFileInformationByHandle
GetModuleHandleExW
FindFirstFileExA
GetDriveTypeA
SetConsoleCtrlHandler
GetConsoleCP
HeapReAlloc
HeapAlloc
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapFree
ExitThread
DecodePointer
EncodePointer
InterlockedDecrement
InterlockedIncrement
RaiseException
SetStdHandle
GetFullPathNameA
FlushFileBuffers
PeekNamedPipe
GetUserDefaultLCID
GetLocaleInfoA
ExpandEnvironmentStringsA
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
InterlockedExchangeAdd
InterlockedExchange
FormatMessageA
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
GetLocalTime
DeleteFiber
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSize
SetFileTime
GetFileSizeEx
DosDateTimeToFileTime
SystemTimeToFileTime
ReadFile
CreateFileW
DuplicateHandle
GetFileType
SetFilePointer
ConvertFiberToThread
FormatMessageW
LocalFree
GetACP
ExitProcess
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetCurrentDirectoryW
GetCurrentProcessId
LoadLibraryW
FreeLibrary
GetDiskFreeSpaceExW
OpenMutexW
CreateMutexW
WriteFile
CreateFileA
GetFileAttributesW
CreateProcessW
GetStdHandle
GetVersionExW
GetModuleFileNameW
MulDiv
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
VerifyVersionInfoW
VerSetConditionMask
OutputDebugStringW
TerminateProcess
Sleep
Process32NextW
OpenProcess
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
FindClose
FindNextFileW
FindFirstFileW
CreateDirectoryW
DeleteFileW
GetTempFileNameW
SetEnvironmentVariableA
GetTempPathW
GetTickCount
MoveFileExW
CopyFileW
WinExec
GetExitCodeProcess
ResetEvent
InitializeCriticalSection
CreateEventW
WaitForSingleObject
GetProcAddress
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetLastError
GetModuleHandleW
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceW
GetProcessHeap
GetDriveTypeW
GetTimeZoneInformation
CompareStringW
IsProcessorFeaturePresent
ws2_32
accept
bind
htons
WSAGetLastError
WSASetEvent
recv
send
WSASetLastError
__WSAFDIsSet
select
socket
WSACleanup
WSAStartup
WSAIoctl
setsockopt
getsockname
ntohs
getsockopt
getpeername
connect
sendto
recvfrom
gethostname
closesocket
ntohl
ioctlsocket
getaddrinfo
freeaddrinfo
htonl
listen
wldap32
ord46
ord41
ord27
ord301
ord216
ord79
ord142
ord127
ord147
ord133
ord26
ord208
ord145
ord73
ord167
ord219
ord14
ord118
crypt32
CertFreeCertificateContext
CertFindCertificateInStore
CryptStringToBinaryW
CertOpenStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CryptQueryObject
CertGetNameStringW
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertGetCertificateChain
CertCreateCertificateChainEngine
CertCloseStore
user32
SetCaretPos
GetSysColor
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
InvalidateRgn
CreateAcceleratorTableW
CloseWindow
GetUserObjectInformationW
GetProcessWindowStation
MsgWaitForMultipleObjectsEx
PeekMessageW
CallMsgFilterW
GetQueueStatus
WaitMessage
UnregisterClassW
wvsprintfW
SetCursor
OffsetRect
MessageBoxW
SetWindowRgn
GetClassInfoExW
RegisterClassExW
LoadCursorW
RegisterClassW
SetPropW
GetPropW
CallWindowProcW
MonitorFromWindow
EnableWindow
ShowWindow
DefWindowProcW
GetMessageW
ShowCaret
DispatchMessageW
GetParent
GetWindow
BeginPaint
UpdateLayeredWindow
EndPaint
GetUpdateRect
MapWindowPoints
CreateWindowExW
SetFocus
GetFocus
DestroyWindow
LoadStringW
SetWindowPos
PostMessageW
ReleaseCapture
SetCapture
InvalidateRect
GetWindowLongW
SetWindowLongW
GetDC
IsWindow
PostQuitMessage
KillTimer
SetTimer
PtInRect
LoadImageW
SendMessageW
IsZoomed
GetClientRect
ScreenToClient
ReleaseDC
EnumDisplaySettingsW
GetMonitorInfoW
EnumDisplayMonitors
GetCursorPos
GetKeyState
GetWindowRect
IsIconic
HideCaret
CreateCaret
ClientToScreen
SetRect
CharPrevW
DrawTextW
FillRect
IntersectRect
CharNextW
MoveWindow
GetWindowRgn
TranslateMessage
IsRectEmpty
gdi32
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
CreateRectRgn
PtInRegion
CreateRoundRectRgn
CreateCompatibleDC
CreateDIBSection
StretchBlt
BitBlt
SetStretchBltMode
RestoreDC
Rectangle
SetWindowOrgEx
DeleteDC
CreatePen
ExtTextOutW
SetBkColor
CreateSolidBrush
LineTo
MoveToEx
CreatePenIndirect
RoundRect
GetTextMetricsW
SetTextColor
GetTextExtentPoint32W
GetObjectW
GetStockObject
DeleteObject
GetObjectA
GetCharABCWidthsW
TextOutW
SaveDC
SetBkMode
SelectObject
CreateFontIndirectW
GetDeviceCaps
CreateDCW
advapi32
DeleteService
CreateServiceW
CloseServiceHandle
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptSetHashParam
CryptSignHashW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey
CryptEnumProvidersW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
OpenServiceW
ControlService
OpenSCManagerW
shell32
SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetFolderPathW
ole32
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoInitialize
gdiplus
GdipDeleteBrush
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteGraphics
GdipDeleteFont
GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipSetImageAttributesColorMatrix
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusShutdown
comctl32
_TrackMouseEvent
ord17
msimg32
AlphaBlend
winmm
timeGetTime
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 495KB - Virtual size: 494KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 51.6MB - Virtual size: 51.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 227KB - Virtual size: 226KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ