6c9c0669a9802448565e58360541cc53 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6c9c0669a9802448565e58360541cc53
Size

175KB
MD5

6c9c0669a9802448565e58360541cc53
SHA1

b64e4e0e9dd351a805241a2cb99df263313179a8
SHA256

3e853fdcd72946b9e4a1fe0eb269513fe6745c2316dedd75ea2a5db179789862
SHA512

26ac1eef94b995588b09f9005bf4628953c573255572656f0bbf849ba61c3f823c959fe7ef2f064dc1b8bd9e3d7649a78889657de81fd0ffd484b5f03615afe7
SSDEEP

3072:or3aGpikoMDAHnjU8gNPMDeejx+Hn86Otx6HMKDz+H24IyOpwzox3C5J30t:LSiJMMHnjU8ggx+HR6x65z824IHwEx3L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c9c0669a9802448565e58360541cc53

Files

6c9c0669a9802448565e58360541cc53
.dll windows:5 windows x86 arch:x86

f717fd47764a7e34b63681a25b93899e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

PolyDraw
ArcTo

kernel32

GetModuleHandleA
GetProcAddress
InterlockedExchange
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
GetCurrentProcessId
VirtualFree
VirtualProtect
lstrlenW
ExitProcess
FindFirstFileW
FindNextFileW
VirtualAlloc

msvcrt

_initterm
_ismbblead
_wcsdup
_wcslwr
exit
free
memset
printf
wcsstr
wprintf
_exit
_controlfp
_cexit
__setusermatherr
__set_app_type
__p__fmode
__p__commode
__getmainargs
_XcptFilter
_amsg_exit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderLocation
CommandLineToArgvW
SHCreateDirectoryExW

user32

IsWindow

Exports

Exports

ASet
BeginTransaction
DupCursor
HrGetBodyElement
PszFromANSIStreamA
PszSkipWhiteW
ReplaceChars
UpdateTexturePriority

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 417B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ