6b15f7525da0aa28eed5316a9ca99af3

Sharing

Copy URL

Twitter E-mail

General

Target

6b15f7525da0aa28eed5316a9ca99af3
Size

205KB
MD5

6b15f7525da0aa28eed5316a9ca99af3
SHA1

abf00e087b8474b85e172ed257738a0ea008cdbe
SHA256

671b8553f41641e9d72ef472f239fca4f8d9d1ceb395f277b11935c6f7ac319c
SHA512

982df863bb59a5fc3f516cc49264e3be796897992a90768207bbfe395e562dd4e45974d63ea23fa6547e06ae8e0f3f931659aaef31fe04daed935b589d2e463d
SSDEEP

6144:g3qqDLwQXw/jSbaQm/2YBWs6RaIpL/tL2YoKPpthlWV0J6:gaqnwQujSbaQmF9IpL/Rf5la0s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b15f7525da0aa28eed5316a9ca99af3

Files

6b15f7525da0aa28eed5316a9ca99af3
.exe windows:5 windows x86 arch:x86

7152393271411ddd5794d11ce2d4b7f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetThreadContext
SetThreadContext
GetProcessId
GetFileAttributesExW
GetNativeSystemInfo
GetVersionExW
GlobalLock
GlobalUnlock
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
HeapReAlloc
FindFirstFileW
SetEndOfFile
HeapAlloc
SystemTimeToFileTime
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
GetProcessHeap
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
FlushFileBuffers
Thread32Next
GetTimeZoneInformation
GetLastError
lstrlenW
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
VirtualAllocEx
FindClose
RemoveDirectoryW
QueryDosDeviceW
FindNextFileW
VirtualProtect
GetFileTime
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
WriteProcessMemory
GetCommandLineW
SetErrorMode
GetComputerNameW
OpenEventW
DuplicateHandle
GetCurrentProcessId
CreateFileW
LeaveCriticalSection
InitializeCriticalSection
GetPrivateProfileStringW
GetModuleHandleW
lstrcmpiA
WaitForMultipleObjects
GetLocalTime
ResetEvent
TlsSetValue
LocalFree
ReleaseMutex
SetLastError
CreateThread
GetCurrentProcess
SetFileAttributesW
WTSGetActiveConsoleSessionId
LoadLibraryW
CreateDirectoryW
ExitProcess
GetSystemTime
ExpandEnvironmentStringsW
EnterCriticalSection
MultiByteToWideChar
GetPrivateProfileIntW
TlsGetValue
GetUserDefaultUILanguage
GetModuleFileNameW
GetTickCount
TlsFree
TlsAlloc
GetCurrentThreadId
CreateEventW
CreateFileMappingW
SetThreadPriority
GetCurrentThread
SetEvent
UnmapViewOfFile
MapViewOfFile
CreateMutexW
GetModuleHandleA
VirtualAlloc
IsBadReadPtr
VirtualFree
CreatePipe
FreeLibrary
ReadFile
WriteFile
SetHandleInformation
CreateProcessW
DeleteFileW
TerminateProcess
Sleep
MoveFileExW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualFreeEx
OpenProcess
CreateRemoteThread
ExitThread
GetFileAttributesW
WaitForSingleObject
lstrcmpiW
LoadLibraryA
GetProcAddress
lstrcpynW

user32

CharToOemW
MapVirtualKeyW
CharLowerW
ExitWindowsEx
CharLowerBuffA
EndPaint
GetUpdateRgn
GetMessageW
GetWindowDC
FillRect
PostMessageW
GetWindowInfo
DrawEdge
BeginPaint
GetUpdateRect
IntersectRect
GetMessagePos
PrintWindow
IsRectEmpty
RegisterClassExA
RegisterWindowMessageW
GetThreadDesktop
GetMenuItemID
SetKeyboardState
GetSubMenu
DefDlgProcW
SetCapture
OpenInputDesktop
OpenDesktopW
MenuItemFromPoint
GetDC
GetMenu
RegisterClassExW
MapWindowPoints
ReleaseCapture
IsWindow
SendMessageTimeoutW
SetWindowPos
GetKeyboardLayoutList
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
WindowFromPoint
CharLowerA
CharUpperW
SetWindowLongW
GetWindow
DispatchMessageW
GetKeyboardState
ToUnicode
TranslateMessage
GetClipboardData
GetSystemMetrics
CreateDesktopW
SetProcessWindowStation
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
SetThreadDesktop
CloseDesktop
OpenWindowStationW
GetMessageA
EqualRect
GetWindowRect
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetParent
GetClassLongW
GetCapture
SetCursorPos
GetWindowLongW
GetAncestor
GetClassNameW
ReleaseDC
GetMenuState
DefWindowProcA
DefMDIChildProcW
SwitchDesktop
GetMenuItemCount
DefDlgProcA
PostThreadMessageW
DefMDIChildProcA
HiliteMenuItem
RegisterClassW
GetUserObjectInformationW
SendMessageW
CallWindowProcA
EndMenu
CallWindowProcW
DefWindowProcW
PeekMessageW
DefFrameProcA
PeekMessageA
DefFrameProcW
GetWindowThreadProcessId
RegisterClassA
GetShellWindow
MessageBoxA
DrawIcon
GetIconInfo
GetCursorPos
GetDCEx

advapi32

GetLengthSid
RegCreateKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegCloseKey
RegEnumKeyW
RegQueryValueExW
InitiateSystemShutdownExW
EqualSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
RegOpenKeyExW
RegEnumKeyExW
CreateProcessAsUserA
CreateProcessAsUserW
ConvertSidToStringSidW
CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
CryptHashData
IsWellKnownSid

shlwapi

PathAddBackslashW
wvnsprintfA
StrCmpNIA
PathMatchSpecW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathUnquoteSpacesW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW
UrlUnescapeA
StrStrIW
StrStrIA
PathQuoteSpacesW
StrCmpNIW
PathIsURLW
PathRenameExtensionW
PathRemoveFileSpecW
PathRemoveBackslashW

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

CreateCompatibleBitmap
SelectObject
DeleteObject
GetDeviceCaps
DeleteDC
RestoreDC
SaveDC
SetRectRgn
GdiFlush
SetViewportOrgEx
GetDIBits
CreateDIBSection
CreateCompatibleDC

ws2_32

send
gethostbyname
closesocket
WSASend
getaddrinfo
inet_addr
getpeername
WSAGetLastError
freeaddrinfo
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
shutdown
setsockopt
WSAEventSelect
getsockname
accept
sendto
select
recvfrom
listen
WSASetLastError
socket
bind
recv

crypt32

CryptUnprotectData
PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
PFXImportCertStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore

wininet

HttpOpenRequestA
HttpAddRequestHeadersA
InternetOpenA
HttpSendRequestExA
InternetQueryDataAvailable
InternetSetOptionA
InternetQueryOptionW
InternetQueryOptionA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpEndRequestW
HttpSendRequestA
HttpEndRequestA
InternetSetFilePointer
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetCrackUrlA
HttpSendRequestExW
InternetCloseHandle
InternetConnectA
InternetSetStatusCallbackA
HttpQueryInfoA

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

waveOutGetVolume
PlaySoundA
PlaySoundW
waveOutSetVolume

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7152393271411ddd5794d11ce2d4b7f3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 193KB - Virtual size: 193KB

.data Size: 2KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 193KB - Virtual size: 193KB

.data
Size: 2KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 7KB