0061a1551ef63e2d130148bf01cb12b2

Sharing

Copy URL

Twitter E-mail

General

Target

0061a1551ef63e2d130148bf01cb12b2
Size

517KB
MD5

0061a1551ef63e2d130148bf01cb12b2
SHA1

61c557b998189e1eb7c009ac6b82ac1d59c37e8f
SHA256

cff0ba7d0d7e13a478b65e3968fe7bfb5b826a29856d90c81d8f519622a8c7a1
SHA512

de1010680a739c7ee26118f8d5d12ba67265dfa73f19fbdf1dc838dd44e700a753c8b688166f00d226132291a49a0b1a882103469047f2ff7a83b6fb78fd6800
SSDEEP

12288:S9xJoNTT5XX8p5GNOc09ZXArdiRO3pVCxcNna7VaXC5:S9xsHZYuF09ZXAro43pVCq9aJd5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0061a1551ef63e2d130148bf01cb12b2

Files

0061a1551ef63e2d130148bf01cb12b2
.exe windows:4 windows x86 arch:x86

20a9732406af0f794ef0ff450682cef5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

StartServiceCtrlDispatcherW
RegEnumKeyExA
GetAuditedPermissionsFromAclA
RegGetKeySecurity
FreeSid
InitiateSystemShutdownA
CryptContextAddRef
SetNamedSecurityInfoExW
GetCurrentHwProfileW
LookupAccountSidA
LookupAccountNameW
RegLoadKeyW
RegisterEventSourceW
BuildTrusteeWithSidW
DuplicateTokenEx
RegSaveKeyW
QueryServiceConfigA
CryptCreateHash
LookupAccountNameA
GetMultipleTrusteeA
SetFileSecurityW
CloseServiceHandle
MakeAbsoluteSD
CryptAcquireContextA
AccessCheck
RegSetKeySecurity
AccessCheckAndAuditAlarmW
RegOpenKeyExW
GetSecurityDescriptorLength
LookupSecurityDescriptorPartsW
ConvertSecurityDescriptorToAccessA
RegConnectRegistryA
SetAclInformation
OpenEventLogW
GetFileSecurityA
RegCloseKey
RegQueryValueExA
RegQueryMultipleValuesW
RegDeleteKeyA
SetNamedSecurityInfoExA

kernel32

GetProcessHeap
GetDefaultCommConfigA
GetProcessShutdownParameters
Module32Next
Thread32Next
lstrcmp
GetTempPathW
LCMapStringW
ConvertDefaultLocale
GetThreadContext
ReadConsoleInputA
TransmitCommChar
GetCPInfoExW
LocalAlloc
SetTapeParameters
SetThreadPriorityBoost
SetThreadContext
GetFileAttributesA
WaitNamedPipeA
FillConsoleOutputCharacterW
SetComputerNameW
CreateIoCompletionPort
CompareFileTime
PeekNamedPipe
FindResourceExW
CreateWaitableTimerA
CreateFileA
MoveFileW
LocalFree
GetPrivateProfileStructA
FatalAppExitW
OpenWaitableTimerA
EraseTape
WaitForSingleObjectEx
WaitForSingleObject
WriteFile
EnumDateFormatsExW
FoldStringA
VirtualProtect
VirtualAlloc

shlwapi

PathIsUNCW
SHRegDuplicateHKey
SHDeleteEmptyKeyW
SHIsLowMemoryMachine
SHAutoComplete
StrStrA
UrlUnescapeW
PathCanonicalizeA
UrlGetLocationA
PathAddExtensionA
PathIsSameRootA
PathMatchSpecW
StrChrA
SHRegEnumUSKeyA
PathAddExtensionW
PathFindSuffixArrayW
SHGetThreadRef
PathFileExistsA
PathGetCharTypeA
PathGetCharTypeW
StrSpnA
PathFindExtensionA
PathUndecorateA
SHRegSetUSValueA
PathParseIconLocationW
UrlCombineA
wnsprintfA
PathIsUNCServerA
IntlStrEqWorkerA
SHRegQueryInfoUSKeyW
PathMakeSystemFolderW
PathRenameExtensionA
UrlUnescapeA
SHRegGetBoolUSValueA
SHCopyKeyW
PathCombineA
PathGetDriveNumberW
PathIsDirectoryW
SHRegEnumUSKeyW
SHRegEnumUSValueA
PathCommonPrefixA
SHRegDeleteUSValueA
StrRChrIW
PathGetArgsA
StrPBrkA
PathFindExtensionW
UrlEscapeW
PathIsUNCServerShareA
PathBuildRootA
PathIsDirectoryEmptyA
PathMakeSystemFolderA
PathIsContentTypeW
PathIsRelativeA

ole32

UtGetDvtd16Info
OleRegGetUserType
CoUnmarshalHresult
OleNoteObjectVisible
OleGetAutoConvert
OleQueryCreateFromData
OleMetafilePictFromIconAndLabel
OleConvertIStorageToOLESTREAM
CoInitialize
OleGetClipboard
StringFromIID
CoQueryReleaseObject
StgGetIFillLockBytesOnFile
CoQueryClientBlanket
OleIsCurrentClipboard
CoTaskMemFree
OleConvertOLESTREAMToIStorageEx
CoDosDateTimeToFileTime
CoFreeAllLibraries
OleCreateFromData
OleIsRunning
OleQueryLinkFromData
CreateDataCache
SetConvertStg
CoGetCurrentLogicalThreadId
CoMarshalHresult
OleSetClipboard
OleLoad
ProgIDFromCLSID
OleCreateLinkFromData
CoGetCurrentProcess
CoGetObject

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

20a9732406af0f794ef0ff450682cef5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

shlwapi

ole32

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 16KB

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 16KB