6889adc5ad025fd7d87df2471b0af649

Sharing

Copy URL

Twitter E-mail

General

Target

6889adc5ad025fd7d87df2471b0af649
Size

184KB
MD5

6889adc5ad025fd7d87df2471b0af649
SHA1

cdd5b28d6e11a467648a723dc493384ee28d2186
SHA256

46f6f3d642c24915a198afc854c75b61fdd502af2a8719224efbb6eb18fdb335
SHA512

6e9938cf27bc21be4b30e2339545ef715cb4091d4d60ea2f033e01b552294cd8f6e8289391f81f0c70bad533d0fa6dcf5bae3631ff6fca9f8650cdb951b5fc40
SSDEEP

3072:EwHlOS2xtVutM0DGHZpvs7VBUrmVv+uhulMCs2haEp:EwFItpzHTY6rmVv9UGHy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6889adc5ad025fd7d87df2471b0af649

Files

6889adc5ad025fd7d87df2471b0af649
.dll windows:4 windows x86 arch:x86

06380e1ef8fecc3f23030b95cb525179

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryDosDeviceA
GetVersionExA
InitializeCriticalSection
LoadLibraryA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
lstrcpyA
lstrcmpiA
lstrlenA
lstrcpynA
GetLastError
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
WriteFile
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfA

setupapi

CM_Get_Child
CM_Get_DevNode_Registry_PropertyA
CM_Get_Device_IDA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

GetDeviceStorageDeviceName
GetDeviceStorageDeviceNameEx
Search_DeviceDrive
Search_DeviceDrive_2kXP

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

06380e1ef8fecc3f23030b95cb525179

Headers

File Characteristics

Imports

kernel32

user32

setupapi

advapi32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

.text Size: 112KB - Virtual size: 112KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 112KB - Virtual size: 112KB