6198158ab3aa4dd99bcc1fe230ff7539

Sharing

Copy URL

Twitter E-mail

General

Target

6198158ab3aa4dd99bcc1fe230ff7539
Size

465KB
MD5

6198158ab3aa4dd99bcc1fe230ff7539
SHA1

af80ebc9ed1102f91a9601d35a92a342331b9be1
SHA256

df5e1feaf7fe114c30d33a01af6d9e70f89a33d6384158a58d026a7c13908915
SHA512

da6f52245dbeb31cbf56e461b59cada5ecef1aef4feee8f27a131118cef05092700be806338666c7285e0805fe8a855871143b73739cb0378be8d99a5b5e6ff7
SSDEEP

12288:QggkmrTGAkZsQ8Rg6I/F4l0EbO0/lAFeFMy2:QggkGTGbZBCg6I/F808OWlu7f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

6198158ab3aa4dd99bcc1fe230ff7539

resource
6198158ab3aa4dd99bcc1fe230ff7539

Files

6198158ab3aa4dd99bcc1fe230ff7539
.exe windows:5 windows x86 arch:x86

4214b8cb9db1b65020151730b5b76b8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
GetEnvironmentStringsW
GetModuleHandleW
GetTickCount
GlobalAlloc
SetConsoleCP
GetGeoInfoA
lstrcatA
GetACP
SetLastError
BuildCommDCBW
ResetEvent
WaitForMultipleObjects
VirtualProtect
SetFileShortNameA
DeleteFileW
lstrcpyA
lstrlenW
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapSize
SetFilePointer
CloseHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleHandleA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

advapi32

DeregisterEventSource

winhttp

WinHttpCloseHandle

Sections

.text
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4214b8cb9db1b65020151730b5b76b8b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

winhttp

Sections

.text Size: 410KB - Virtual size: 410KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 21KB - Virtual size: 8.3MB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 410KB - Virtual size: 410KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 21KB - Virtual size: 8.3MB

.rsrc
Size: 14KB - Virtual size: 14KB