6cf6ec5cfafc9a792ad68ab3649ccbb1

General

Target

6cf6ec5cfafc9a792ad68ab3649ccbb1
Size

136KB
MD5

6cf6ec5cfafc9a792ad68ab3649ccbb1
SHA1

d6d950683289ec16985f4ff194c8b4f1a4ae7848
SHA256

79f876fe992b0a7cd1b34c2931b1cc41485fd7ecb241585ba711b1362cbb5938
SHA512

1c8e1a8e46261c50fdeccde7c05b9500386a0764c029f26e40c2cd7b9a363702fc83d74f12ce059aa1d327598f636aebdb58847f91731d8e5b97a601bd506315
SSDEEP

3072:Ym5uvSbGqevf6ZFINFBkfzPB0XUI2YyoYBMM:z5Abrvf6ANFCzmXUI2YkT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6cf6ec5cfafc9a792ad68ab3649ccbb1

Files

6cf6ec5cfafc9a792ad68ab3649ccbb1
.exe windows:1 windows x86 arch:x86

5919af516fd1efdb0f763f4db81f551f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateConsoleHandle
GetModuleFileNameA
ZombifyActCtx
GetWindowsDirectoryA
WriteFile
GetModuleHandleA
SetVolumeMountPointA
CopyFileA
lstrcpyW
FindClose
VirtualFree
Module32Next
VirtualAlloc
CreateFileA
EnterCriticalSection
DeleteFiber
Sleep
FindFirstFileA
LeaveCriticalSection
GetFileSizeEx
TlsGetValue
GetCurrentProcess
CloseHandle
DeleteFileA
GetLastError
ReadFile
lstrcatA
DnsHostnameToComputerNameW
IsProcessInJob
lstrcpynA
OpenProcess
DuplicateHandle
MultiByteToWideChar
UnlockFile
Toolhelp32ReadProcessMemory
InitializeCriticalSection
lstrcpyA
FindFirstVolumeMountPointA
GetSystemDirectoryW

advapi32

DeregisterEventSource
CloseServiceHandle
EnumServicesStatusA
RegCloseKey
GetAuditedPermissionsFromAclA
RegisterTraceGuidsW
OpenProcessToken
BuildTrusteeWithNameW
RegOpenKeyA
SetPrivateObjectSecurityEx
RegQueryValueExA
AdjustTokenPrivileges
RegSetValueExA
LookupPrivilegeValueA
OpenSCManagerA

ntdll

RtlAnsiStringToUnicodeString
NtQuerySystemInformation
strlen
wcsstr
ZwLoadDriver
strstr
memcpy
RtlFreeUnicodeString
vsprintf
NtQueryObject
RtlInitAnsiString

ole32

CoCreateGuid

ws2_32

send
WSAStartup
socket
closesocket
htonl
closesocket
WSAGetOverlappedResult
htons
connect
WSADuplicateSocketW

psapi

EnumProcesses
GetProcessImageFileNameA

user32

CharLowerW

Sections

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 399B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5919af516fd1efdb0f763f4db81f551f

Headers

File Characteristics

Imports

kernel32

advapi32

ntdll

ole32

ws2_32

psapi

user32

Sections

.data Size: 10KB - Virtual size: 9KB

.text Size: 512B - Virtual size: 399B

.idata Size: 2KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 9KB

.text
Size: 512B - Virtual size: 399B

.idata
Size: 2KB - Virtual size: 2KB