61f0d6787e9ad5c74e12be477e32555f

Sharing

Copy URL Twitter E-mail

General

Target

61f0d6787e9ad5c74e12be477e32555f
Size

1.7MB
MD5

61f0d6787e9ad5c74e12be477e32555f
SHA1

21060842b3f511bc962749343f36b31bd8a5c77e
SHA256

e6ee9641b2cb61d79791df3800e6f3938601f053cfbbe537646326c1b65b3582
SHA512

12c051b3ef696baeb9454c6100152ceddb8780276940ad15d1d7e0a739fe0715ca36d5b2acf1e7a94214ceb942c1bddc7c363ab55605ff222daea191bf991ead
SSDEEP

49152:Lqm3dht7wKUBsoGwvwiJtEEKahSl51My8HaHs/VJzS:LqmntU+x6jJz6lr+aHuS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61f0d6787e9ad5c74e12be477e32555f

Files

61f0d6787e9ad5c74e12be477e32555f
.exe windows:4 windows x86 arch:x86

a4b3aeb864ee0c5069522dc8cc3f73da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetLocalTime
MoveFileExA
GlobalAlloc
FindClose
GetModuleFileNameA
GetStringTypeW
GetACP
GetVersion
FindResourceA
GetThreadLocale
WideCharToMultiByte
GlobalDeleteAtom
LoadLibraryExA
IsBadReadPtr
GetCommandLineA
GetLastError
GetStdHandle
lstrcmpiA
LoadResource
VirtualAlloc
GlobalFindAtomA
InitializeCriticalSection
SetLastError
SetEndOfFile
MulDiv
VirtualQuery
GetStringTypeA
ExitThread
GetCurrentThread
GetProcessHeap
lstrcpynA
WaitForSingleObject
IsBadHugeReadPtr
VirtualAllocEx
ExitProcess
Sleep
CreateThread
LocalReAlloc
GetCurrentThreadId
EnumCalendarInfoA
CreateEventA
LoadLibraryA
GetFullPathNameA
WriteFile
lstrcatA
FindFirstFileA
FreeLibrary
GetTickCount
ResetEvent
lstrlenA
SetErrorMode

shlwapi

PathIsDirectoryA
PathFileExistsA

user32

PostQuitMessage
GetCapture
GetMenu
GetWindowTextLengthA
IsIconic

Exports

Exports

MeW@24
_Mf@20
Q@12
in@20
cdB
_o7A@20
_5K@8
GC
_vA_@16
4TB@20
X@12
OD@4
_1K
_6u@24
__z

Sections

.text
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 512B - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

bbs
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4b3aeb864ee0c5069522dc8cc3f73da

Headers

File Characteristics

Imports

kernel32

shlwapi

user32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 20KB

DATA Size: 1.6MB - Virtual size: 1.6MB

.bss Size: 512B - Virtual size: 4.3MB

.tls Size: 2KB - Virtual size: 4KB

rdata Size: 512B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

bbs Size: 1KB - Virtual size: 4KB

.rsrc Size: 15KB - Virtual size: 16KB

.text
Size: 17KB - Virtual size: 20KB

DATA
Size: 1.6MB - Virtual size: 1.6MB

.bss
Size: 512B - Virtual size: 4.3MB

.tls
Size: 2KB - Virtual size: 4KB

rdata
Size: 512B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

bbs
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 15KB - Virtual size: 16KB