6b9f8317d234489c79c9c50f809f673e

Sharing

Copy URL Twitter E-mail

General

Target

6b9f8317d234489c79c9c50f809f673e
Size

305KB
MD5

6b9f8317d234489c79c9c50f809f673e
SHA1

fd457dd60cc377b60450b60b1640bb653ac36705
SHA256

75e80867c9d66a5aa0003c87a3295a2798c5d683b902cc76f508257033f11670
SHA512

a9e6fa8946d05e8af46c3d9ffb57b77ba9ea99a9e698d47995ac61fc4f562fbd04dbb9598c7f1e8a8159fed76b21404c23f45fcc8e47ebd5c2d723294e8db84c
SSDEEP

6144:vlXllJRliSqgKuCReSaAG7qFAyhk6y6Lh5foNsiFXdsxnjI:vlliVQEji6y8SFXdsxj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b9f8317d234489c79c9c50f809f673e

Files

6b9f8317d234489c79c9c50f809f673e
.exe windows:4 windows x86 arch:x86

ad06a7ed0cc00c9eb33269de3742f463

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetHangUp
InternetGetLastResponseInfoA
InternetWriteFileExA
FtpGetFileW
FtpCreateDirectoryW
CreateUrlCacheGroup
InternetConfirmZoneCrossing
GetUrlCacheConfigInfoA
GetUrlCacheEntryInfoA
ShowSecurityInfo
RetrieveUrlCacheEntryFileW
InternetConnectW
FindFirstUrlCacheEntryExW
HttpSendRequestW
ReadUrlCacheEntryStream
InternetQueryOptionA
FindNextUrlCacheEntryExW

advapi32

CryptContextAddRef
ReportEventW
RegSetValueA
RegEnumValueW
InitiateSystemShutdownW
RegQueryInfoKeyW
CryptGetUserKey
CryptSetProviderExW
RegOpenKeyExW
StartServiceW

comdlg32

ChooseColorW
PrintDlgW
GetFileTitleW
GetFileTitleA
GetOpenFileNameW
ReplaceTextW
PrintDlgA
ReplaceTextA
ChooseFontA
ChooseColorA

user32

SetClipboardViewer
InsertMenuA
EnumDisplayDevicesA
LoadImageW
SetDlgItemTextW
SetClassLongW

kernel32

ExitProcess
GetACP
HeapReAlloc
TlsFree
GetCurrentThread
GetCompressedFileSizeA
TerminateProcess
SetLastError
LCMapStringW
InterlockedExchange
IsValidCodePage
GetCPInfo
IsValidLocale
HeapFree
GetLocaleInfoW
TlsSetValue
SetEnvironmentVariableA
WriteFile
GetTickCount
VirtualAlloc
GetProcessHeap
EnumSystemLocalesA
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
EnumCalendarInfoW
GlobalAddAtomW
CompareStringW
GetFileType
VirtualQuery
EnterCriticalSection
GetStringTypeW
GetUserDefaultLCID
GetStartupInfoA
InitializeCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
HeapCreate
GetModuleFileNameA
LoadLibraryA
FreeLibrary
VirtualFree
LCMapStringA
GetProcAddress
SetHandleCount
GetCommandLineA
HeapDestroy
GetTimeFormatA
GetVersionExA
HeapAlloc
GetDateFormatA
GetCurrentThreadId
GetEnvironmentStrings
UnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
TlsAlloc
GetEnvironmentStringsW
GetSystemTimeAsFileTime
TlsGetValue
GetCurrentProcess
InterlockedDecrement
SetConsoleCtrlHandler
GetOEMCP
GetStringTypeA
GetLastError
HeapSize
CompareStringA
FreeEnvironmentStringsA
GetLocaleInfoA
InterlockedIncrement
RtlUnwind
CreateDirectoryExA
GetTimeZoneInformation
FreeEnvironmentStringsW
Sleep
LeaveCriticalSection
IsDebuggerPresent
GetStdHandle

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad06a7ed0cc00c9eb33269de3742f463

Headers

File Characteristics

Imports

wininet

advapi32

comdlg32

user32

kernel32

Sections

.text Size: 175KB - Virtual size: 174KB

.data Size: 116KB - Virtual size: 116KB

.rsrc Size: 13KB - Virtual size: 12KB

.text
Size: 175KB - Virtual size: 174KB

.data
Size: 116KB - Virtual size: 116KB

.rsrc
Size: 13KB - Virtual size: 12KB