6d45a73f2c9d2f90c39cfa2840e5fcf5

Sharing

Copy URL Twitter E-mail

General

Target

6d45a73f2c9d2f90c39cfa2840e5fcf5
Size

308KB
MD5

6d45a73f2c9d2f90c39cfa2840e5fcf5
SHA1

f7efb81e3b86136f8a74521c44b1393f2077a039
SHA256

7dffae0b4943710e735d59f53130904f873cefab1f90ff90535486d66086572f
SHA512

dc7fab6811758f0feac171b17a0b41f4a708d8c51104093ad82d7823c0fcd5165b63bbed35bdf56a74bcea3ca8d401db7daaf94c625400704387d3d439fc60f8
SSDEEP

6144:9CHrxsk38OkRHzrV64MBEdopobvupMI1wzYf8oI4fdKJxvcqpddz0kqDdfe:9CLxs5OeMEddbvRI1cYBI412vcqnJ0k7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d45a73f2c9d2f90c39cfa2840e5fcf5

Files

6d45a73f2c9d2f90c39cfa2840e5fcf5
.exe windows:5 windows x86 arch:x86

296b5611645e5a01c1d01d572c2fb191

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSidIdentifierAuthority
RegQueryValueExW
RegOpenKeyW
LookupAccountSidA
OpenServiceW
RegCloseKey
GetSidSubAuthorityCount
CreateServiceW
QueryServiceStatus
StartServiceW
GetSidSubAuthority
IsValidSid
OpenSCManagerW
CloseServiceHandle

user32

LoadStringW

kernel32

TlsAlloc
SetStdHandle
SizeofResource
GetCurrentThreadId
SetEnvironmentVariableA
GetFileType
VirtualAlloc
FreeEnvironmentStringsW
VirtualFree
CloseHandle
LockResource
GetSystemDirectoryW
HeapAlloc
FatalAppExitA
OpenEventW
GetUserDefaultLCID
GetSystemInfo
TlsFree
CreateThread
EnumSystemLocalesA
SetLastError
TlsSetValue
GetStdHandle
LeaveCriticalSection
HeapReAlloc
GetTimeFormatA
CompareStringW
IsValidLocale
WaitForSingleObject
LCMapStringW
GetSystemTimeAsFileTime
GetDateFormatA
FindResourceW
VirtualQuery
WideCharToMultiByte
FreeEnvironmentStringsA
HeapFree
GetOEMCP
TlsGetValue
EnterCriticalSection
GetModuleHandleA
MapViewOfFile
GetTimeZoneInformation
IsValidCodePage
SetHandleCount
CreateFileW
WriteFile
LCMapStringA
UnhandledExceptionFilter
FlushFileBuffers
VirtualProtect
DeleteFileW
RtlUnwind
LoadResource
GetCommandLineA
GetComputerNameA
GetACP
HeapDestroy
CompareStringA
SetFilePointer
DeleteCriticalSection
DeviceIoControl
OpenFileMappingW
HeapSize
LoadLibraryA

esent

JetCreateIndex
JetDupCursor
JetDefragment2
JetCreateInstance
JetGetLogInfo
JetGetCursorInfo
JetGetLogInfoInstance
JetExternalRestore2
JetStopServiceInstance
JetOpenFileSectionInstance
JetSetLS
JetGotoBookmark
JetCreateTableColumnIndex

odbccp32

SQLCreateDataSourceW
SQLValidDSNW
SQLRemoveDriverW
SQLInstallerErrorW
SQLManageDataSources
SQLPostInstallerError
SQLInstallDriverManager
SQLCreateDataSourceExW

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 281KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

296b5611645e5a01c1d01d572c2fb191

Headers

File Characteristics

Imports

advapi32

user32

kernel32

esent

odbccp32

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 281KB - Virtual size: 1.1MB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 281KB - Virtual size: 1.1MB

.rsrc
Size: 3KB - Virtual size: 2KB