6ab576399ef95e3f54670e533564e5f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6ab576399ef95e3f54670e533564e5f3
Size

199KB
MD5

6ab576399ef95e3f54670e533564e5f3
SHA1

0ce0354f8ae8cc744e1424a4310d027af18b0eb1
SHA256

6d49bde87de1f9b994d1e40a21e5ca41776b2e49e84fc651edd773b04e46f435
SHA512

d7c86309a0528373c0990d2710108b6dad3080905acf2395ca83faeb44a3246077b92f760c498800fbb839f5e9dcf6ee8bafe356294eeffd65b9649c89b10288
SSDEEP

3072:Pn6/HBq3qAdGhS4k5p5pU4T4B+jca8Wz/9DMFIW925pOLA/hmqVvTVLC4HTkweoD:P+Bq3qnop535+Wzmw5pSqpheLweK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ab576399ef95e3f54670e533564e5f3

Files

6ab576399ef95e3f54670e533564e5f3
.exe windows:5 windows x86 arch:x86

4339be9dc214142236cd8b64725a90df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ClearCommBreak
HeapCreate
SetVolumeLabelA
AddAtomA
GetCommandLineA
FindClose
GetFileType
FindAtomA
CreatePipe
GetProcessHeap
DeleteAtom
IsBadWritePtr
GetModuleFileNameA
SetEndOfFile
CreateDirectoryA
HeapFree
CloseHandle
RemoveDirectoryA
GetDriveTypeW
WriteFile
ExitThread
GetModuleHandleA
WaitForMultipleObjects
RemoveDirectoryA
CreateSemaphoreW

clbcatq

CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup
CoRegCleanup

msvidc32

DriverProc
DriverProc
DriverProc
DriverProc

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE