6c0fa60002db190b5f803856cbf5f9c522ccb328faed38c3bfef24b21eafa6ef

Sharing

Copy URL

Twitter E-mail

General

Target

6c0fa60002db190b5f803856cbf5f9c522ccb328faed38c3bfef24b21eafa6ef
Size

3.0MB
MD5

874e4e2750217ca4b060bdf83bc13ee7
SHA1

3762643b982e80d5169112864e10a15d98c8eec9
SHA256

6c0fa60002db190b5f803856cbf5f9c522ccb328faed38c3bfef24b21eafa6ef
SHA512

48f854b813a9017d1534f474b704da781277af4b40675c97d827c216eeb0f7c915e6a9f1f715d665034383aa233cc5c10b4b0eb982b49c82c0f051fb0d958713
SSDEEP

49152:WhdHjR6tKU8sRrW+SsDIjK7MQPygP6AUaVtUTH69EXPhPwS:SkKU8sfSEMkSAUt1wS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c0fa60002db190b5f803856cbf5f9c522ccb328faed38c3bfef24b21eafa6ef

Files

6c0fa60002db190b5f803856cbf5f9c522ccb328faed38c3bfef24b21eafa6ef
.exe windows:5 windows x64 arch:x64

89fc557f925f579f70988c400eee5dbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
IsBadStringPtrW
MultiByteToWideChar
VirtualAllocEx
VirtualFreeEx
OpenProcess
CreateRemoteThread
WriteProcessMemory
SetEvent
ResetEvent
WaitForSingleObject
OpenMutexW
CreateEventW
LoadLibraryA
QueryDosDeviceW
GetEnvironmentVariableW
GetLogicalDriveStringsW
VirtualQuery
WriteFile
CreateFileW
GetModuleHandleExW
CreateMutexW
ReleaseMutex
SizeofResource
HeapAlloc
LocalFree
GetProcessHeap
CreateDirectoryW
GetWindowsDirectoryW
ReadFile
SetFilePointer
SetEndOfFile
Sleep
DeleteFileW
GetFileSize
GetTickCount
SetLastError
lstrlenW
GetPrivateProfileStringW
LoadLibraryW
GlobalMemoryStatusEx
ExpandEnvironmentStringsW
GetVersionExW
GetCurrentProcess
GetFileAttributesW
WriteConsoleW
SetStdHandle
WaitForSingleObjectEx
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
LoadResource
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetProcAddress
FreeLibrary
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetErrorMode
GetLastError
RaiseException
DecodePointer
GetCurrentProcessId
GetShortPathNameW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SearchPathW
LockResource
GetSystemInfo
ResumeThread
OpenEventW
OpenFileMappingW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetACP
WideCharToMultiByte
GetVolumeInformationW
GetDiskFreeSpaceW
GetDriveTypeW
FindFirstFileW
GetLongPathNameW
RtlUnwind
GetFileAttributesExW
TryEnterCriticalSection
InitializeCriticalSection
FindNextFileW
FindClose
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
DosDateTimeToFileTime
FileTimeToDosDateTime
HeapFree
GetComputerNameExW
GlobalAlloc
GlobalFree
SetFileTime
GetFileTime
GetFullPathNameW
RemoveDirectoryW
GetTempPathW
GetSystemDirectoryW
SetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
MoveFileExW
CopyFileW
GetTempFileNameW
MoveFileW
DeviceIoControl
lstrcatW
lstrcpyW
GetFileSizeEx
CreateProcessW
GetExitCodeProcess
FormatMessageW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
GetLocalTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
VirtualQueryEx
CreateThread
GetProcessId
OpenThread
TerminateThread
GetThreadContext
SuspendThread
ReleaseSemaphore
CreateSemaphoreW
DuplicateHandle
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
GetStdHandle
GetFileType
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetModuleFileNameA
SetConsoleCtrlHandler
GetCurrentThread
HeapSize
HeapReAlloc
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW
UnregisterClassW
GetMessageW
CharNextW
PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage

advapi32

SetSecurityDescriptorDacl
ReportEventW
RegisterEventSourceW
DeregisterEventSource
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathFileExistsW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 630KB - Virtual size: 629KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89fc557f925f579f70988c400eee5dbf

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 630KB - Virtual size: 629KB

.data Size: 11KB - Virtual size: 22KB

.pdata Size: 113KB - Virtual size: 113KB

.rsrc Size: 75KB - Virtual size: 75KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 630KB - Virtual size: 629KB

.data
Size: 11KB - Virtual size: 22KB

.pdata
Size: 113KB - Virtual size: 113KB

.rsrc
Size: 75KB - Virtual size: 75KB

.reloc
Size: 6KB - Virtual size: 6KB