6d1edece3967e4cd83b2d03993445b85

Sharing

Copy URL

Twitter E-mail

General

Target

6d1edece3967e4cd83b2d03993445b85
Size

329KB
MD5

6d1edece3967e4cd83b2d03993445b85
SHA1

f0692e92b96c4a2e9d4bf63ff82d321da0d1aee8
SHA256

7dfdd4d7f7663ccf3db6eb5557e9b177c19d1645bd3a20232b914d27fa959654
SHA512

f9c60d2ff81401a48553ed649a838436983e01e5c2e1d71b3555f45a3ac715bf66ab63be1cc218c40c0a0b8ce1262e6325fb562b55afb4500d0039799d805d97
SSDEEP

6144:kKoFWh6c9FJbBxb1Eh9N+tY6cwG2NS9o1GTwFWxS0g:SU66Vh1+9H4S9ocwwVg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d1edece3967e4cd83b2d03993445b85

Files

6d1edece3967e4cd83b2d03993445b85
.exe windows:5 windows x86 arch:x86

e9d76637bce9c6cfff43a10e3b3ce243

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
RegOpenKeyW
RegQueryValueExW
RevertToSelf
CryptDestroyHash
CryptHashData
CryptSetProvParam
RegQueryInfoKeyW
RegConnectRegistryW
CloseServiceHandle
RegNotifyChangeKeyValue
ReportEventW
QueryServiceStatus
RegisterTraceGuidsW
AllocateAndInitializeSid
LookupAccountSidW
GetTraceLoggerHandle
CryptReleaseContext
CryptCreateHash
SetThreadToken
CredFree
DeregisterEventSource
TraceEvent
GetTokenInformation
RegSetValueExW
CryptAcquireContextW
OpenSCManagerW
RegEnumKeyExW
OpenProcessToken
RegDeleteValueW
CredUnmarshalCredentialW
OpenServiceW
RegCreateKeyExW
CryptGetProvParam
OpenThreadToken
CryptGetHashParam
RegCloseKey
SystemFunction007
RegisterEventSourceW
RegOpenKeyExW
SystemFunction006
QueryServiceConfigW

ntdll

RtlAcquireResourceShared
RtlSubAuthorityCountSid
RtlGetElementGenericTable
NtQuerySystemTime
NtOpenEvent
RtlAddAccessAllowedAce
RtlLengthRequiredSid
NtCreateEvent
RtlOemStringToUnicodeString
RtlAcquireResourceExclusive
RtlInitAnsiString
RtlRunDecodeUnicodeString
RtlCreateTimer
RtlFreeUnicodeString
NtWaitForSingleObject
RtlUnicodeStringToAnsiString
RtlCopySid
RtlValidSid
VerSetConditionMask
RtlTimeToTimeFields
RtlSetDaclSecurityDescriptor
RtlLookupElementGenericTable
RtlSystemTimeToLocalTime
RtlLeaveCriticalSection
RtlSubAuthoritySid
RtlInitializeGenericTableAvl
NtAllocateVirtualMemory
RtlFreeAnsiString
RtlRegisterWait
RtlIntegerToUnicodeString
RtlEqualDomainName
RtlAnsiStringToUnicodeString
RtlCreateAcl
RtlCopyLuid
RtlInitializeResource
RtlEraseUnicodeString
RtlInitializeCriticalSection
RtlInsertElementGenericTableAvl
RtlAllocateAndInitializeSid
RtlFreeSid
RtlVerifyVersionInfo
NtOpenThreadToken
RtlDeleteCriticalSection
RtlNtStatusToDosError
RtlTimeFieldsToTime
DbgPrint
RtlCopyUnicodeString
RtlCompareMemory
NtOpenProcessToken
NtQuerySystemInformation
NtDuplicateObject
RtlUpcaseUnicodeString
RtlInitializeGenericTable
RtlInitUnicodeString
RtlReleaseResource
RtlEqualSid
RtlCreateSecurityDescriptor
RtlInitializeSid
RtlInsertElementGenericTable
RtlCompareUnicodeString
NtClose
RtlLookupElementGenericTableAvl
RtlDeleteResource
RtlAppendUnicodeStringToString
NtSetSecurityObject
RtlDeleteElementGenericTable
RtlConvertSharedToExclusive
RtlConvertSidToUnicodeString
RtlDeleteTimerQueue
RtlCreateTimerQueue
RtlUniform
RtlDeregisterWait
RtlDowncaseUnicodeString
RtlEqualUnicodeString
NtAllocateLocallyUniqueId
RtlEnterCriticalSection
RtlPrefixUnicodeString
NtQueryInformationToken

msvcrt

_initterm
_strcmpi
wcsspn
wcstoul
qsort
_except_handler3
wcscat
_wcsnicmp
_stricmp
_wcsicmp
malloc
_adjust_fdiv
_strnicmp
wcscmp
free
swprintf
wcslen
wcscpy
_ultoa
sscanf
sprintf
strrchr
_vsnprintf
strchr
wcsrchr

secur32

CredMarshalTargetInfo
LsaFreeReturnBuffer
LsaGetLogonSessionData
FreeContextBuffer
CredUnmarshalTargetInfo

kernel32

InterlockedCompareExchange
GetLocalTime
Sleep
MultiByteToWideChar
lstrlenA
CreateEventW
FormatMessageW
OpenEventW
GetProcAddress
DeleteCriticalSection
CreateFileMappingW
LoadLibraryW
RegisterWaitForSingleObjectEx
GetModuleFileNameA
InterlockedDecrement
InitializeCriticalSection
lstrcmpW
GetModuleHandleW
GetComputerNameExW
FreeLibrary
CloseHandle
CreateFileW
GetProfileStringA
GetSystemInfo
CreateFileA
LocalAlloc
GetCurrentThreadId
SetEvent
GetCurrentThread
DebugBreak
lstrcpyW
OpenFileMappingW
FileTimeToSystemTime
DisableThreadLibraryCalls
UnhandledExceptionFilter
lstrlenW
TerminateProcess
VirtualAlloc
UnmapViewOfFile
InterlockedExchange
EnterCriticalSection
WideCharToMultiByte
OutputDebugStringA
LocalFree
GetLastError
QueryPerformanceCounter
LoadLibraryA
GetComputerNameW
InterlockedExchangeAdd
InterlockedIncrement
GetSystemTimeAsFileTime
GetACP
WriteFile
GetCurrentProcessId
UnregisterWait
GetEnvironmentVariableW
GetTickCount
ExpandEnvironmentStringsW
LeaveCriticalSection
GetModuleFileNameW
RaiseException
lstrcmpiA
MapViewOfFileEx
GetCurrentProcess
SetUnhandledExceptionFilter

cryptdll

CDGenerateRandomBits
CDFindCommonCSystemWithKey
CDBuildIntegrityVect
MD5Final
CDLocateCheckSum
MD5Init
MD5Update
CDLocateCSystem

user32

CharLowerBuffW
wsprintfW

msasn1

ASN1BEREncExplicitTag
ASN1BEREncOctetString
ASN1BERDecEndOfContents
ASN1_Encode
ASN1BERDecS32Val
ASN1_CreateModule
ASN1CEREncGeneralizedTime
ASN1BERDecCharString
ASN1DecAlloc
ASN1BERDecGeneralizedTime
ASN1bitstring_free
ASN1_CreateDecoder
ASN1BERDecNotEndOfContents
ASN1_CreateEncoder
ASN1ztcharstring_free
ASN1intx_setuint32
ASN1BEREncObjectIdentifier
ASN1BERDecSXVal
ASN1octetstring_free
ASN1BERDecPeekTag
ASN1BERDecZeroCharString
ASN1BEREncEndOfContents
ASN1BERDecExplicitTag
ASN1BEREncCharString
ASN1BERDecBitString
ASN1BERDecOctetString
ASN1intx_free
ASN1intx2int32
ASN1intxisuint32
ASN1_FreeEncoded
ASN1_FreeDecoded
ASN1BERDecSkip
ASN1_CloseEncoder
ASN1BERDecU32Val
ASN1BERDecObjectIdentifier
ASN1BEREncOpenType
ASN1BERDecOpenType2
ASN1BEREncS32
ASN1intx2uint32
ASN1charstring_free
ASN1BEREncSX
ASN1_Decode
ASN1_CloseDecoder
ASN1DecSetError
ASN1Free
ASN1EncSetError
ASN1BEREncU32
ASN1objectidentifier_free
ASN1BEREncBitString
ASN1BEREncBool
ASN1BERDecBool

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e9d76637bce9c6cfff43a10e3b3ce243

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ntdll

msvcrt

secur32

kernel32

cryptdll

user32

msasn1

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB