6222ffcaf5584aa081003321bcec9ab7

Sharing

Copy URL Twitter E-mail

General

Target

6222ffcaf5584aa081003321bcec9ab7
Size

92KB
MD5

6222ffcaf5584aa081003321bcec9ab7
SHA1

8ab0f7ac2667e07cbdc4839fe458b1938744d828
SHA256

6b2db458dda5dc04bcbf6dc37cca2551ab845afa45fb2492115b98a6dd3b8e29
SHA512

0ad51837acf282bf93c321c2d2cda5fe29f4f2f1286b1cbb4c2e98f601fc7567ab94d968591161b20ffdae4dc4e60da1e6fbe8210b925a39af09965e3ab3b974
SSDEEP

1536:e2mxPcHJ38R+MatRWhofbp00V/pQKTbl0hFa71GrVo0aOwmMHAsbOEDFcy:PiAJsRwRDmZ588O0aOwmTsHxJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6222ffcaf5584aa081003321bcec9ab7

Files

6222ffcaf5584aa081003321bcec9ab7
.exe windows:5 windows x86 arch:x86

e60d08a5221759ad19d63f5ffebd8a20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCreateAcl
RtlCreateHeap
RtlEnterCriticalSection
NtCreatePort
RtlLeaveCriticalSection
RtlInitializeSid
RtlUnwind
RtlExitUserThread
NtQueryVirtualMemory
NtReadRequestData
NtWaitForMultipleObjects
NtCreateFile
NtQueryValueKey
NtQuerySystemInformation
NtSetInformationThread
NtResetEvent
NtDelayExecution
NtOpenProcess
RtlSetDaclSecurityDescriptor
RtlAllocateAndInitializeSid
RtlFreeHeap
NtImpersonateThread
NtClose
NtCreateEvent
NtAcceptConnectPort
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlCreateSecurityDescriptor
NtRequestWaitReplyPort
NtOpenThread
NtDuplicateObject
RtlRegisterWait
RtlLengthSid
NtOpenKey
NtResumeThread
RtlCreateUserThread
_vsnprintf
NtSetEvent
RtlInitUnicodeString
RtlInitializeCriticalSection
RtlDeleteCriticalSection
NtReplyPort
NtCompleteConnectPort
RtlAllocateHeap
NtTerminateThread
RtlAddAccessAllowedAce
NtReplyWaitReceivePort
NtWriteRequestData
RtlDestroyHeap

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW
SetServiceStatus
RegisterServiceCtrlHandlerExW

kernel32

GetLastError
GetSystemInfo
QueryPerformanceCounter
GetTickCount
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
DisableThreadLibraryCalls
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
VirtualAlloc

cmdial32

AutoDialFunc

atmlib

ATMEnumFonts

apphelp

ApphelpCheckRunApp
ApphelpQueryModuleData

crypt32

RegCreateHKCUKeyExU

Sections

.textbss
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e60d08a5221759ad19d63f5ffebd8a20

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

kernel32

cmdial32

atmlib

apphelp

crypt32

Sections

.textbss Size: - Virtual size: 432KB

.text Size: 512B - Virtual size: 460B

.idata Size: 88KB - Virtual size: 88KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 1024B - Virtual size: 892B

.reloc Size: 512B - Virtual size: 32B

.textbss
Size: - Virtual size: 432KB

.text
Size: 512B - Virtual size: 460B

.idata
Size: 88KB - Virtual size: 88KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 1024B - Virtual size: 892B

.reloc
Size: 512B - Virtual size: 32B