6e2f07340e0e91714d0739e380b1310e

Sharing

Copy URL Twitter E-mail

General

Target

6e2f07340e0e91714d0739e380b1310e
Size

169KB
MD5

6e2f07340e0e91714d0739e380b1310e
SHA1

6b99ba0990b60f461bd70dccaf448f95640cbfd4
SHA256

83a216a6a6a736799ca55a905564372487a2e693f14867fad2c9eb1e241cdb2f
SHA512

7331172d2912605a1f566c0ad9b419394c81e17d199de373a29408cf78bcdf396e47645ffe2a6f32d12e6546c2c6d3bcf1a4f9a45a0a2da24da5724cc370c80c
SSDEEP

3072:rbfFzR4kaWa6FPOeSlzYBvvR96XKTbt7JPrUKRJONS9H955FiFUbHDz0pCZGmuGn:PfFFMPzYBxdULWr3zHDZGpGH8lTfavN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e2f07340e0e91714d0739e380b1310e

Files

6e2f07340e0e91714d0739e380b1310e
.exe windows:6 windows x86 arch:x86

83b4446f3f4ae0d23e7ca8e6c44d48d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundW

kernel32

SetEndOfFile
HeapReAlloc
HeapSize
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
MultiByteToWideChar
CloseHandle
FlushFileBuffers
CreateFileW
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetModuleHandleExW
lstrcmpW
GetModuleFileNameW
WriteFile
GetStdHandle
ReadFile
RaiseException
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetConsoleOutputCP
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileAttributesExW
GetFileSizeEx
LocalFree
GetCommandLineW
VirtualProtect
FindNextFileA
GetCommandLineA
GetLogicalDrives
LockFileEx
WriteConsoleW
ExitProcess
DecodePointer

comdlg32

ReplaceTextW
PrintDlgExW
GetOpenFileNameA
GetOpenFileNameW
FindTextW
PageSetupDlgW

loadperf

LoadPerfCounterTextStringsW
LoadPerfCounterTextStringsA

shell32

SHGetSpecialFolderPathW
SHGetDiskFreeSpaceA
ShellExecuteA
CommandLineToArgvW
SHGetFolderPathW
DragFinish

pdh

PdhGetDataSourceTimeRangeW
PdhGetCounterInfoA
PdhGetDefaultPerfObjectW
PdhParseInstanceNameW
PdhRemoveCounter
PdhVbIsGoodStatus
PdhConnectMachineW
PdhVbGetOneCounterPath
PdhGetDefaultPerfObjectA
PdhEnumObjectsW

user32

SendMessageW
SetWindowTextW
ShowWindow
IsWindow
SetFocus
wsprintfW
SetWindowLongW
PostQuitMessage
GetSysColorBrush
GetDC
GrayStringA
GetWindowTextLengthW
GetWindowRect
FillRect
GetSystemMetrics
RedrawWindow
MapWindowPoints
GetClientRect
DrawTextW
InvalidateRect
GetWindowTextW
DefWindowProcW
CreateWindowExW
GetMenuItemInfoW
SetWindowPlacement
GetNextDlgGroupItem
SetScrollRange
MessageBoxIndirectA
EnumDisplaySettingsW
IsWindowVisible
SetWindowPos
LoadImageA
LoadCursorW
TranslateMessage
RegisterClassW
DispatchMessageW
GetMessageW
LoadImageW

rpcrt4

NDRSContextUnmarshall
RpcSmSetThreadHandle
I_RpcNsBindingSetEntryNameW
RpcEpRegisterNoReplaceW
RpcObjectSetType
NdrNonConformantStringUnmarshall
RpcServerUseAllProtseqsEx
NdrEncapsulatedUnionMarshall
I_RpcIfInqTransferSyntaxes
I_RpcGetBufferWithObject
RpcMgmtEpEltInqDone
RpcServerUseAllProtseqs

mscms

GetPS2ColorRenderingIntent
GetColorDirectoryW
IsColorProfileTagPresent
InstallColorProfileW
GetStandardColorSpaceProfileW
GetCountColorProfileElements
EnumColorProfilesA
SetColorProfileElementSize

gdi32

SetTextColor
CreateFontW
GetObjectW
SetBkMode
SelectObject
BitBlt
SetBkColor
GetStockObject
CreateSolidBrush
CreateCompatibleDC

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83b4446f3f4ae0d23e7ca8e6c44d48d6

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

comdlg32

loadperf

shell32

pdh

user32

rpcrt4

mscms

gdi32

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B