6946f7085b93ab5c4367012519617805

Sharing

Copy URL Twitter E-mail

General

Target

6946f7085b93ab5c4367012519617805
Size

863KB
MD5

6946f7085b93ab5c4367012519617805
SHA1

271c9eaa6c4bd0c5186d04f615f0906e89813b4f
SHA256

e29cf42818797fc1ed023f42246d19fd4c2d972769b7e2431e43c281b63901f4
SHA512

f00f147b4e853dfdf17f21a7556f4bd05c674938310b1714cad5e2d2cfb854d3928e09e587c0a1d5d50090724f9c912868cd4a8e936ed1aeb41e1fcf71b31d09
SSDEEP

24576:bijV3NcAeRQ5o05BzYi2hq3vPdnpDOvJnWqz5kq/u:cNNfhBsi2hAvRYvTf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6946f7085b93ab5c4367012519617805

Files

6946f7085b93ab5c4367012519617805
.exe windows:5 windows x86 arch:x86

efb5408a4951e413a05bb3f59d1c32e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetBrushAttributes
GdiEntry3
GetCharWidth32A
SetWindowExtEx
SetArcDirection
EngUnlockSurface
FONTOBJ_pQueryGlyphAttrs
DdEntry6
SelectFontLocal
SelectBrushLocal
GdiEntry4
GdiEntry1
HT_Get8BPPFormatPalette
ResizePalette
GdiSetLastError
SelectObject
EnableEUDC
LineDDA
CreateBitmapIndirect
CreateDiscardableBitmap
GetClipBox
GdiGetCodePage
EudcUnloadLinkW
DeleteEnhMetaFile
CLIPOBJ_cEnumStart
SetROP2
CreateHatchBrush
DdEntry12
FONTOBJ_pfdg
GetTextExtentExPointI
GdiEntry8
GetGlyphOutlineA
GetObjectW
GdiPlayScript
GetCharABCWidthsA
DdEntry17
EngGetPrinterDataFileName
GetBkColor
StartPage
SetMetaRgn
GdiStartDocEMF
ClearBitmapAttributes
GdiAddGlsBounds

winmm

midiStreamPosition
mixerGetID
auxSetVolume
waveOutBreakLoop
waveInGetDevCapsW
wid32Message
mixerGetLineInfoW
OpenDriver
midiOutClose
mmioStringToFOURCCA
midiInPrepareHeader
timeGetSystemTime
waveOutOpen
mciGetErrorStringW
midiOutOpen
mmTaskSignal
midiInReset
PlaySoundA
mciGetDeviceIDFromElementIDW
mixerMessage
timeKillEvent
waveOutGetErrorTextA
tid32Message
waveOutReset
waveOutPrepareHeader
joySetThreshold
DrvGetModuleHandle
PlaySound
waveOutGetDevCapsA
midiInGetNumDevs
mciSendCommandA
waveInStart
mmioCreateChunk
waveInClose
midiInStart
timeBeginPeriod
waveInAddBuffer
midiInUnprepareHeader
mixerSetControlDetails
sndPlaySoundA
auxGetDevCapsA
mmTaskBlock

mscms

GetColorDirectoryA
SetStandardColorSpaceProfileW
IsColorProfileValid
DisassociateColorProfileFromDeviceA
GetPS2ColorSpaceArray
SelectCMM
GetCountColorProfileElements
CreateColorTransformA
AssociateColorProfileWithDeviceA
EnumColorProfilesA
SetColorProfileElement
TranslateColors
CreateProfileFromLogColorSpaceW
GetStandardColorSpaceProfileW
GetColorProfileElement
SpoolerCopyFileEvent
InternalGetDeviceConfig
SetColorProfileElementReference
InternalGetPS2CSAFromLCS
IsColorProfileTagPresent
GetColorDirectoryW
RegisterCMMW
GetPS2ColorRenderingIntent
EnumColorProfilesW
RegisterCMMA
UninstallColorProfileW
InstallColorProfileW
TranslateBitmapBits
SetStandardColorSpaceProfileA
SetColorProfileElementSize
CheckColors
DeleteColorTransform
InternalSetDeviceConfig
CreateDeviceLinkProfile
UnregisterCMMW
GetNamedProfileInfo
GetColorProfileHeader
OpenColorProfileW
CreateProfileFromLogColorSpaceA
CreateColorTransformW
InternalGetPS2ColorRenderingDictionary
UnregisterCMMA

lz32

LZOpenFileW
LZSeek
LZClose
LZCreateFileW
CopyLZFile
LZStart
LZDone
GetExpandedNameA
LZCloseFile
LZInit
GetExpandedNameW
LZRead
LZOpenFileA
LZCopy

crtdll

ftell
_strupr
mktime
free
_strnicmp
_getdllprocaddr
_lseek
_spawnlpe
strncat
swscanf
_fmode_dll
iswupper
_mbscpy
_creat
wcscat
_findnext
system
strerror
rewind
_ultoa
iswprint
_ismbstrail
_ltow
wctomb
strspn
_tzname
wcsftime
__threadid
_lrotr
_unloaddll
isalpha
fgetwc
_heapwalk
_CIexp
_swab
_pwctype_dll

esent

JetTruncateLogInstance
JetIndexRecordCount
JetSetLS
JetStopService
JetBackup
JetAttachDatabaseWithStreaming
JetResetSessionContext
JetSnapshotStart
JetRestore
JetSetColumnDefaultValue
JetCloseDatabase
JetBeginTransaction@4
JetSetColumns
JetPrepareUpdate@12
JetSetSessionContext
JetSetCurrentIndex
JetMakeKey@20
JetInit3
JetTerm
JetGetTruncateLogInfoInstance
JetSetColumn@28
JetOpenTempTable3
JetGetTableColumnInfo
JetStopBackup
JetGetLogInfoInstance
JetOpenFileInstance
JetOpenTempTable2
JetSeek
JetDupSession
JetTerm2
JetStopServiceInstance
JetGotoSecondaryIndexBookmark
JetDupCursor
JetDelete
JetGetLogInfoInstance2
JetSeek@12
JetCreateInstance
JetOSSnapshotFreeze
JetGetIndexInfo

sqlunirl

_LookupPrivilegeDisplayName_@20
_CreateFileMapping_@24
_MAKEINTRESOURCE@4
_SetProp@12
_NDdeSetShareSecurity_@16
_LoadMenuIndirect_@4
_OpenService_@12
_ChooseFont_@4
ConvertMultiSZNameToW
_GlobalGetAtomName_@12
_GetUserName@8
_ReadEventLog_@28
_GetFileSecurity_@20
_IsCharAlpha_@4
_RegOpenKey_@12
_FindText_@4
_CompareString_@24
_PropertySheet_@4
_ModifyMenu_@20
_RegReplaceKey_@16
_CopyFile_@12
_LoadCursor@8
_RegisterClass_@4
_SendDlgItemMessage@20
_CopyEnhMetaFile_@8
_UpdateResource_@24
wsprintf_
_GetWindowTextLength@4
_CreateEnhMetaFile_@16
_ttof

kernel32

IsValidLocale
SetCalendarInfoA
GetConsoleKeyboardLayoutNameW
GetConsoleSelectionInfo
GetConsoleCommandHistoryW
EnumSystemLocalesA
FreeUserPhysicalPages
GetCurrentDirectoryW
FindFirstFileW
LocalShrink
SetVolumeMountPointW
GetSystemWindowsDirectoryW
GetNumberFormatA
GetPrivateProfileSectionNamesA
SetErrorMode
GetConsoleInputExeNameW
GetLongPathNameW
SetSystemPowerState
DnsHostnameToComputerNameA
VerifyVersionInfoA
GetProfileSectionA
UTUnRegister
MoveFileExA
LeaveCriticalSection
ResumeThread
VirtualAlloc
WritePrivateProfileStructW
GlobalUnWire
OpenJobObjectW
GetDiskFreeSpaceExW
LoadLibraryA
IsBadStringPtrA
DuplicateConsoleHandle
DeleteTimerQueueEx
GetConsoleProcessList
FindVolumeMountPointClose
EnterCriticalSection

msvcrt

__set_app_type
exit
__p__commode
__getmainargs

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 609KB - Virtual size: 609KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

efb5408a4951e413a05bb3f59d1c32e4

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

winmm

mscms

lz32

crtdll

esent

sqlunirl

kernel32

msvcrt

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 609KB - Virtual size: 609KB

.data Size: 82KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 609KB - Virtual size: 609KB

.data
Size: 82KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B