6e1b095284b9929004ecc6571f458c55

Sharing

Copy URL Twitter E-mail

General

Target

6e1b095284b9929004ecc6571f458c55
Size

207KB
MD5

6e1b095284b9929004ecc6571f458c55
SHA1

92560eb6d6c6bb2596e882a1efe9a9e55a60dba7
SHA256

35d5e186d04d8fb81c9bfbfdc04e42c71760cb7573493e0af37c552485fd6ad0
SHA512

1f4afa34ae6635214f50dd6c24f98ac3d041c1cfdad49777888c590fd6ac8113d7e6a0ee5f56ffe103798529149f493d1309fbf6370cb1c08681fc5776970c94
SSDEEP

6144:R7WvaTc/aWsX4zjb48uq2ar/FklIQHHGs8d:UvaeaVIzjb4K2axOHHzk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e1b095284b9929004ecc6571f458c55

Files

6e1b095284b9929004ecc6571f458c55
.exe windows:6 windows x86 arch:x86

0bfc9ddffa82e5ef76809ae7f47f37bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
IsValidSid
GetLengthSid
GetTokenInformation
UpdateTraceW
ControlTraceW
StopTraceW
EnableTraceEx
RegEnumKeyExW
StartTraceW
RegQueryValueExW
QueryTraceW
RegFlushKey
CloseTrace
ProcessTrace
OpenTraceW
ConvertSidToStringSidW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegSetValueExW
RegCreateKeyExW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
RevertToSelf
ImpersonateLoggedOnUser
TraceEvent

kernel32

GetProductInfo
GetVersionExW
CompareFileTime
WriteFile
CreateFileW
GetLocalTime
GetModuleHandleW
GetTickCount
SetThreadPriority
GetCurrentThread
CreateMutexW
GetCommandLineW
HeapSetInformation
GetLogicalProcessorInformation
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW
GetUserDefaultLCID
GetSystemDefaultUILanguage
GlobalFree
GetUserGeoID
GetSystemInfo
OpenMutexW
ReleaseMutex
GetThreadPriority
FileTimeToSystemTime
FileTimeToDosDateTime
GetTempFileNameW
WaitForMultipleObjects
GetTempPathW
GetLongPathNameW
SetLastError
WideCharToMultiByte
CreateDirectoryW
GetFileAttributesW
GetFileSizeEx
SetFilePointerEx
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
VirtualAlloc
UnmapViewOfFile
VirtualFree
ResetEvent
CreateThread
FreeLibraryAndExitThread
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
GetFileSize
ReadFile
DuplicateHandle
SetEvent
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetEnvironmentVariableW
GetModuleFileNameW
LocalAlloc
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
DeleteFileW
GetFileAttributesExW
FindNextFileW
CloseHandle
FindFirstFileW
FindClose
MoveFileExW
GetSystemTime
SystemTimeToFileTime
GetLastError
GlobalMemoryStatusEx
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CheckElevationEnabled
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

EnumDisplayMonitors
GetSystemMetrics
GetMonitorInfoW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassExW
CreateWindowExW
SystemParametersInfoW
LoadIconW
LoadStringW
DefWindowProcW
GetCursorPos
LoadMenuW
PeekMessageW
MsgWaitForMultipleObjects
PostMessageW
DestroyMenu
TrackPopupMenuEx
SetForegroundWindow
SetMenuDefaultItem
GetSubMenu

msvcrt

_lock
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_callnewh
malloc
_CxxThrowException
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
memcpy
??0exception@@QAE@XZ
wcschr
towupper
__CxxFrameHandler3
memset
_vsnwprintf
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
_controlfp
memmove
realloc
ceil
_ftol2
_vsnprintf
_purecall
__set_app_type
_unlock
?what@exception@@UBEPBDXZ
__dllonexit
__p__commode
__p__fmode

shlwapi

StrToIntExW
PathFindFileNameW
PathCombineW
PathAppendW
ord437
PathFileExistsW
StrToInt64ExW
PathRemoveExtensionW
StrStrIW

ntdll

WinSqmEventWrite

tdh

TdhGetPropertySize
TdhGetProperty

ole32

CoCreateGuid
StringFromGUID2

shell32

CommandLineToArgvW
Shell_NotifyIconW
SHGetFolderPathW
SHGetFolderPathAndSubDirW

winhttp

WinHttpCrackUrl
WinHttpWriteData
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpQueryHeaders
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSetStatusCallback
WinHttpTimeFromSystemTime
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest

winbrand

BrandingFormatString

wevtapi

EvtRender
EvtNext
EvtQuery
EvtCreateRenderContext
EvtClose

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

wer

WerReportSubmit
WerReportCreate
WerReportSetParameter
WerReportCloseHandle

powrprof

PowerDeterminePlatformRole

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0bfc9ddffa82e5ef76809ae7f47f37bb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shlwapi

ntdll

tdh

ole32

shell32

winhttp

winbrand

wevtapi

wtsapi32

wer

powrprof

oleaut32

Sections

.text Size: 151KB - Virtual size: 151KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 11KB - Virtual size: 10KB

.sdata Size: 20KB - Virtual size: 20KB

.text
Size: 151KB - Virtual size: 151KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 11KB - Virtual size: 10KB

.sdata
Size: 20KB - Virtual size: 20KB