Static task: static1
Behavioral task: behavioral1
  Sample: 6f4de71d164f9fd083287a07a176e415.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 6f4de71d164f9fd083287a07a176e415.exe
  Resource: win10v2004-20231215-en
General
  Target: 6f4de71d164f9fd083287a07a176e415
  Size: 2.9MB
  MD5: 6f4de71d164f9fd083287a07a176e415
  SHA1: a879b3f270cc138cbbc6d99ae53873c69e4e5849
  SHA256: 58bafdda92009ab3f02749cca85d65f7d49c5e99f4b23375becdaec6a062d08d
  SHA512: 4ad99fa888f415d906976612b81fe3e800f443de2155542eba55ab8d0eb4e6e3ee3d333c0fb7da8628d2f4282ad1472de0b1fe2627b6a65ccd95235496e206a4
  SSDEEP: 49152:pgGRQ2aKHQljjYE1Rh44vioo5RBY72rFQaRLZBeR2rSowZtXybpnbe2u0T9X/oIX:jCNICr1IzRBYyfemwUbe2ugX/k6
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource 6f4de71d164f9fd083287a07a176e415
Files
- 6f4de71d164f9fd083287a07a176e415.exe (windows:5 windows x86 arch:x86)
  9fc44464cf722c69c35b221dd17a908a
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32:
    GetFileInformationByHandle, CreateFileA, SetConsoleMode, GetFullPathNameA, PeekNamedPipe, LocalFree, ReadConsoleInputA, FindFirstFileExA, GetDriveTypeA, FileTimeToLocalFileTime,
    FileTimeToSystemTime, CreatePipe, OpenProcess, CreateProcessW, GetDriveTypeW, GetExitCodeProcess, GetExitCodeThread, SetThreadPriority, CloseHandle, GetCurrentThreadId,
    GetLastError, GetVersionExW, GetSystemTimeAsFileTime, Sleep, SetEvent, WaitForSingleObject, HeapFree, GetCurrentProcess, CreateEventA, HeapAlloc,
    DuplicateHandle, GetProcessHeap, GetTickCount, InterlockedIncrement, InterlockedDecrement, GetConsoleWindow, CreateDirectoryW, GetTempPathW, GetModuleFileNameW, GetProcAddress,
    GetModuleHandleW, ExpandEnvironmentStringsW, GetProcessTimes, FlushConsoleInputBuffer, GlobalMemoryStatus, SwitchToThread, OpenFileMappingA, CreateFileMappingA, MapViewOfFileEx, UnmapViewOfFile,
    GetSystemInfo, GetVersion, GetModuleHandleA, WideCharToMultiByte, InterlockedCompareExchange, InterlockedExchange, MultiByteToWideChar, GetStringTypeW, EncodePointer, DecodePointer,
    InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetLocaleInfoW, CreateFileW, ReadFile, WriteFile, SetFilePointer, GetFileAttributesW,
    GetFileType, GetFileAttributesExW, SetFileTime, SetEndOfFile, SetFileAttributesW, CopyFileW, MoveFileW, DeleteFileW, RemoveDirectoryW, GetCurrentDirectoryW,
    GetLongPathNameW, GetLogicalDriveStringsW, FindFirstFileW, FindClose, FindNextFileW, GetEnvironmentVariableW, SetEnvironmentVariableW, GetVersionExA, GetComputerNameW, CreateEventW,
    CreateMutexW, ReleaseMutex, ResetEvent, WaitForMultipleObjects, InitializeCriticalSectionAndSpinCount, TryEnterCriticalSection, TlsAlloc, TlsFree, TlsGetValue, GetCurrentProcessId,
    OpenEventA, TlsSetValue, ResumeThread, SystemTimeToFileTime, SetWaitableTimer, CreateWaitableTimerA, GetCommandLineW, HeapSetInformation, RaiseException, GetCPInfo,
    RtlUnwind, LCMapStringW, CompareStringW, ExitThread, CreateThread, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, IsProcessorFeaturePresent,
    HeapSize, ExitProcess, GetStdHandle, HeapCreate, GetACP, GetOEMCP, IsValidCodePage, SetLastError, FreeEnvironmentStringsW, GetEnvironmentStringsW,
    SetHandleCount, GetStartupInfoW, QueryPerformanceCounter, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, HeapReAlloc, SetConsoleCtrlHandler, GetTimeZoneInformation,
    FreeLibrary, LoadLibraryW, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, WriteConsoleW, SetEnvironmentVariableA, GetStringTypeExA, LCMapStringA,
    LoadLibraryA, FormatMessageA
  user32:
    GetProcessWindowStation, MessageBoxA, GetUserObjectInformationW, LoadStringA, ShowWindow, GetDesktopWindow
  advapi32:
    ReportEventW, OpenServiceW, StartServiceCtrlDispatcherW, OpenSCManagerW, DeleteService, CloseServiceHandle, CreateServiceW, ConvertStringSecurityDescriptorToSecurityDescriptorW, DeregisterEventSource, ReportEventA,
    RegisterEventSourceA, CryptEnumProvidersA, CryptReleaseContext, CryptDestroyKey, CryptGetProvParam, CryptAcquireContextA, CryptGetUserKey, CryptExportKey, CryptDestroyHash, CryptSignHashA,
    CryptSetHashParam, CryptCreateHash, CryptDecrypt, StartServiceW, RegSetValueExW, RegCloseKey, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, ControlService,
    RegisterServiceCtrlHandlerW, SetServiceStatus, QueryServiceStatus, RegisterEventSourceW, CryptGenRandom, InitializeSecurityDescriptor, SetSecurityDescriptorDacl
  shell32:
    ShellExecuteW
  ole32:
    CoUninitialize, CoInitialize, CoTaskMemFree, CoCreateInstance
  iphlpapi:
    GetAdaptersInfo
  shlwapi:
    PathFileExistsW, PathAddBackslashW, PathCombineW
  wintrust:
    WinVerifyTrust
  winhttp:
    WinHttpGetIEProxyConfigForCurrentUser
  ws2_32:
    send, shutdown, closesocket, listen, bind, getpeername, accept, recv, WSAGetLastError, __WSAFDIsSet,
    inet_addr, ntohl, getservbyname, htons, ntohs, sendto, getsockname, recvfrom, select, setsockopt,
    getsockopt, socket, ioctlsocket, gethostbyname, gethostbyaddr, gethostname, WSASetLastError, WSACleanup, WSAStartup, connect
  crypt32:
    CertGetCertificateContextProperty, CertOpenStore, CertFindCertificateInStore, CertEnumCertificatesInStore, CertCloseStore, CertDuplicateCertificateContext, CertFreeCertificateContext
  version:
    VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
Sections
  .text   Size: 2.1MB - Virtual size: 2.1MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 584KB - Virtual size: 584KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 65KB - Virtual size: 92KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .tls    Size: 512B - Virtual size: 2B       Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 1024B - Virtual size: 896B    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  Size: 193KB - Virtual size: 196KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE