6fa6145408532e32672c1a9667e0e9588161f3931ac7382f5271d48ee5bb1caf

Sharing

Copy URL

Twitter E-mail

General

Target

6fa6145408532e32672c1a9667e0e9588161f3931ac7382f5271d48ee5bb1caf
Size

630KB
MD5

24681cb300626dbdb79bdc19962bdd97
SHA1

f1a81204889cd78de1ba433adc2649383e0ddaf4
SHA256

6fa6145408532e32672c1a9667e0e9588161f3931ac7382f5271d48ee5bb1caf
SHA512

418e37459446905808a46687abcccdd9a5b572794d65e90979f9e1d95c0b29b13292d4524206fa3fbb14fc5f5d373a3d051833fb56dd70906bfd328b934db738
SSDEEP

12288:LxBIEJ1X6JE9EA0ssGQ3VaPJJim2FmrhBe++uC7Kv4/g/J/vQ:LxBIEJ1IaEVsCVaPX+ohBef/g/J/4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fa6145408532e32672c1a9667e0e9588161f3931ac7382f5271d48ee5bb1caf

Files

6fa6145408532e32672c1a9667e0e9588161f3931ac7382f5271d48ee5bb1caf
.exe windows:5 windows x86 arch:x86

6c612c89697dbecd6d7926fd480fc3d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileInformationByHandle
GetDriveTypeA
WriteFile
SetFileTime
GetCurrentDirectoryA
GetFileAttributesA
CreateDirectoryA
LocalFileTimeToFileTime
lstrcpyA
SystemTimeToFileTime
ReadFile
SetFilePointer
CreateFileA
MulDiv
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
FreeResource
GetVersionExA
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcmpA
InterlockedExchange
GetLocaleInfoA
GetModuleFileNameA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
WaitForSingleObject
GetCurrentProcessId
GetFullPathNameA
GetModuleFileNameW
FileTimeToSystemTime
GetModuleHandleW
InterlockedIncrement
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
FileTimeToLocalFileTime
SetErrorMode
Sleep
ExitProcess
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
VirtualAlloc
HeapReAlloc
ExitThread
CreateThread
HeapSize
GetConsoleCP
GetConsoleMode
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
CloseHandle
FindFirstFileA
FindClose
FormatMessageA
lstrlenA
LocalAlloc
FreeLibrary
GetLastError
SetLastError
GetProcAddress
GetModuleHandleA
LoadLibraryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
InterlockedDecrement
GetPrivateProfileStringA
GetTempPathA
GetTickCount
lstrcatA
LocalFree
DeleteFileA

user32

ShowWindow
PostQuitMessage
ValidateRect
GetCursorPos
TranslateMessage
GetMessageA
SetCursor
GetWindowThreadProcessId
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
BeginPaint
EndPaint
LoadCursorA
DestroyMenu
GetSysColorBrush
UnregisterClassA
RegisterClipboardFormatA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowPos
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetMenuState
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableWindow
wsprintfA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageA
MapWindowPoints
GetMessagePos
GetKeyState
SetMenu
SetForegroundWindow
MessageBoxA
LoadBitmapA
GetWindowRect
GetClientRect
GetDC
SendMessageA
UpdateWindow
SetWindowTextA
IsDialogMessageA
SystemParametersInfoA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
LoadIconA
GetSysColor
IsWindowVisible
GetFocus
SetWindowLongA
GetWindowLongA
GetDesktopWindow
ReleaseDC
ModifyMenuA
GetSubMenu
GetMenuItemID
GetMenuItemCount
CopyRect
GetParent
PostMessageA

gdi32

DeleteObject
SetMapMode
RestoreDC
SaveDC
DeleteDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

shell32

ShellExecuteA

oleaut32

VariantChangeType
VariantInit
VariantClear

shlwapi

PathFindExtensionA
PathFindFileNameA

wldap32

ord211
ord143
ord60
ord50
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord26
ord30
ord200
ord22

ws2_32

htonl
ioctlsocket
listen
accept
recvfrom
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
ntohl
gethostname

crypt32

CertFreeCertificateContext

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptImportKey

Sections

.text
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c612c89697dbecd6d7926fd480fc3d6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

oleaut32

shlwapi

wldap32

ws2_32

crypt32

oleacc

winspool.drv

advapi32

Sections

.text Size: 414KB - Virtual size: 413KB

.rdata Size: 87KB - Virtual size: 86KB

.data Size: 9KB - Virtual size: 25KB

.rsrc Size: 119KB - Virtual size: 120KB

.text
Size: 414KB - Virtual size: 413KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 9KB - Virtual size: 25KB

.rsrc
Size: 119KB - Virtual size: 120KB