6de7dbc5295fafe4fe252887146cdfe0

Sharing

Copy URL Twitter E-mail

General

Target

6de7dbc5295fafe4fe252887146cdfe0
Size

861KB
MD5

6de7dbc5295fafe4fe252887146cdfe0
SHA1

82b620244ff2f7ba3f34755ba310f43f83a67009
SHA256

45cd38dae0eb539728fd600debcf648a0731b8c7fa6fb557391457f87f0618bf
SHA512

d33357bdc66e5fbc067908d635b2ce1b8fe9e3c82e16a6a1accab4e60a3ce1987aa9d749e80e799bffa8c00d44a75b4a1e05a9eb98595819bbe5c75d7e05a1d2
SSDEEP

24576:ivL8cyQFpK5DkO8meBfDMQk9Wk/GCzfo2:iFTgYO8zLMhX/XJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6de7dbc5295fafe4fe252887146cdfe0

Files

6de7dbc5295fafe4fe252887146cdfe0
.exe windows:5 windows x86 arch:x86

4fdadaaf7910a5a938da80cb805e0d44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFirmwareEnvironmentVariableA
SetConsoleOutputCP
SetHandleContext
WriteConsoleOutputCharacterA
GetOEMCP
EnumLanguageGroupLocalesW
GetPrivateProfileStructW
GetACP
WriteConsoleInputA
GlobalAlloc
VDMOperationStarted
CreateMutexW
ReadConsoleInputA
SetFileTime
SetMessageWaitingIndicator
GetEnvironmentStrings
HeapFree
AssignProcessToJobObject
WaitNamedPipeW
AllocateUserPhysicalPages
BaseFlushAppcompatCache
DeleteAtom
GetEnvironmentVariableA
WideCharToMultiByte
GetFileSize
MapViewOfFile
GetComPlusPackageInstallStatus
LocalCompact
EnumCalendarInfoExW
WriteConsoleA
PurgeComm
LoadLibraryA
GetCurrentActCtx
SetSystemPowerState
GetLocaleInfoW
EnumUILanguagesA
AddLocalAlternateComputerNameA
UpdateResourceA
GetConsoleTitleA
VirtualAlloc
Module32Next
QueueUserAPC
GetConsoleDisplayMode
IsBadWritePtr
PeekNamedPipe
GetCurrentDirectoryA
RemoveDirectoryA
UnmapViewOfFile
WriteFileGather
EnumResourceLanguagesA
IsBadStringPtrW
DeleteFileA
GetModuleHandleExA
GetThreadContext
FreeConsole
SetConsolePalette
NlsGetCacheUpdateCount

schannel

ApplyControlToken
QueryContextAttributesA
AcquireCredentialsHandleA
RevertSecurityContext
CompleteAuthToken
MakeSignature
SpLsaModeInitialize
SslCrackCertificate
InitSecurityInterfaceW
InitializeSecurityContextA
DeleteSecurityContext
AcceptSecurityContext
EnumerateSecurityPackagesA
QuerySecurityPackageInfoW
SpUserModeInitialize
InitializeSecurityContextW
QueryContextAttributesW
EnumerateSecurityPackagesW
SslEmptyCacheA
AcquireCredentialsHandleW
InitSecurityInterfaceA
SslEmptyCacheW
VerifySignature
SslFreeCertificate
FreeCredentialsHandle
SealMessage
FreeContextBuffer
SslLoadCertificate

wintrust

WVTAsn1CatNameValueDecode
WVTAsn1SpcIndirectDataContentDecode
WTHelperGetAgencyInfo
WVTAsn1SpcPeImageDataEncode
WVTAsn1SpcStatementTypeDecode
GenericChainFinalProv
CryptSIPGetSignedDataMsg
CryptCATPutMemberInfo
WTHelperGetProvPrivateDataFromChain
WVTAsn1CatMemberInfoEncode
FindCertsByIssuer
mssip32DllUnregisterServer
CryptCATClose
SoftpubCheckCert
DriverFinalPolicy
WVTAsn1SpcMinimalCriteriaInfoDecode
WVTAsn1SpcStatementTypeEncode
WTHelperGetKnownUsages
WintrustSetRegPolicyFlags
CatalogCompactHashDatabase
CryptCATAdminCalcHashFromFileHandle
SoftpubInitialize
SoftpubLoadMessage
CryptSIPGetInfo
OpenPersonalTrustDBDialogEx
CryptCATAdminAcquireContext

odbctrac

TraceSQLDriverConnectW
TraceSQLSetStmtOption
TraceSQLAllocConnect
TraceSQLDataSources
TraceSQLTablePrivileges
TraceSQLCancel
FireVSDebugEvent
TraceSQLCopyDesc
TraceSQLProcedureColumnsW
TraceSQLGetDiagRec
TraceSQLTablePrivilegesW
TraceSQLColumns
TraceSQLEndTran
TraceSQLGetCursorName
TraceSQLColumnPrivilegesW
TraceSQLGetTypeInfoW
TraceSQLGetConnectOption
TraceOpenLogFile
TraceSQLExecDirect
TraceSQLGetDiagFieldW
TraceSQLBrowseConnectW
TraceSQLExecDirectW
TraceSQLForeignKeys
TraceSQLFetchScroll
TraceSQLGetConnectAttrW
TraceSQLColumnPrivileges
TraceSQLDisconnect

msvcrt

_vsnwprintf
??8type_info@@QBEHABV0@@Z
_snprintf
_cwscanf
_cputs
??0__non_rtti_object@@QAE@ABV0@@Z
getc
__set_app_type
_ismbbkprint
exit
__p__commode
_rmtmp
_aligned_realloc
__getmainargs
atan2
_pwctype
_mktime64
putc
_flushall
__crtCompareStringW
_wtmpnam
_execv
setlocale
_adj_fdiv_m32
_strset
labs
?before@type_info@@QBEHABV1@@Z
_ismbblead
_chdir

user32

MessageBoxA
EndDialog

shell32

SHGetMalloc

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 170KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fdadaaf7910a5a938da80cb805e0d44

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

schannel

wintrust

odbctrac

msvcrt

user32

shell32

Sections

.text Size: 342KB - Virtual size: 342KB

.rdata Size: 346KB - Virtual size: 346KB

.data Size: 170KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 342KB - Virtual size: 342KB

.rdata
Size: 346KB - Virtual size: 346KB

.data
Size: 170KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B