6e76f633ae4284892e8e52c521c33048

Sharing

Copy URL Twitter E-mail

General

Target

6e76f633ae4284892e8e52c521c33048
Size

57KB
MD5

6e76f633ae4284892e8e52c521c33048
SHA1

5661be59886e7a3771f926504b5c08af564f24ab
SHA256

0e2dad3d167e00bba928d704811f5259163855a72758be611997554c4a981b2c
SHA512

92a003bcb9d1de40f3e88b9f5b614bf6e85da0774618348d8a8bcd7fa98088a2827a56461ba5b2b746b7116f2c21b71b503c3ee1fcd1ca678799626ae5023993
SSDEEP

384:mwe9qIe9ch0Jyp5OH6+woazAPZnB29UtJuRbhAfWr8n2NvZGIql+lopTgpYv4i98:mwe9Zh0JD6QlPyK2NZWpGYwfsttE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6e76f633ae4284892e8e52c521c33048

Files

6e76f633ae4284892e8e52c521c33048
.exe windows:4 windows x86 arch:x86

d59bbfde18e9f003c8c8dcdc698957f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationA
lstrcatA
SetEvent
Sleep
ResetEvent
lstrcpyA
lstrlenA
FindClose
FindNextFileW
FindFirstFileW
WaitForMultipleObjects
Process32NextW
OpenProcess
lstrcmpiA
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
InterlockedDecrement
DebugBreak
OutputDebugStringA
LoadResource
SizeofResource
FindResourceA
GetCurrentDirectoryW
FreeLibrary
LoadLibraryA
GetCurrentThreadId
InitializeCriticalSection
GetFileAttributesW
GetFileSize
CreateFileW
WriteFile
GetModuleHandleA
MultiByteToWideChar
LockResource
WideCharToMultiByte
InterlockedIncrement
GetStartupInfoA

user32

GetDlgItem
EnableWindow
PostMessageA
PostThreadMessageA
DefWindowProcA
DialogBoxParamA
EndDialog
LoadStringW
SetDlgItemTextW
GetSystemMetrics
LoadImageA
ShowWindow
UpdateWindow
SendMessageA
LoadStringA
CharNextA
wvsprintfA
FindWindowA
GetMessageA
DispatchMessageA

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysFreeString
SysAllocStringLen
VariantClear

comctl32

InitCommonControlsEx

shfolder

SHGetFolderPathW

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbscmp
memcmp
_purecall
__p__fmode
_wfopen
_mbsstr
_controlfp
memmove
_except_handler3
_ismbcdigit
wcslen
??2@YAPAXI@Z
memcpy
_beginthreadex
strstr
fclose
wcscmp
wcscpy
calloc
free
strcpy
memset
wcscat
fread
strncpy
sprintf
atoi
__CxxFrameHandler
_EH_prolog
strlen
__set_app_type

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d59bbfde18e9f003c8c8dcdc698957f3

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

comctl32

shfolder

msvcrt

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 28KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 28KB