f6f95838637ab4960b8a5e2d1342ec49

Sharing

Copy URL Twitter E-mail

General

Target

f6f95838637ab4960b8a5e2d1342ec49
Size

15KB
MD5

f6f95838637ab4960b8a5e2d1342ec49
SHA1

70bd31e031096bd17bd1d1bc527bd973563cba36
SHA256

e8623995c902db27aae44780fa48e505c9a3035cc8455af2a8a3bcf9f6366d66
SHA512

c69f6b1bf391a24439132fb45604a3c8fab897649263941279a7d3ad9c3f6fbe532273fee6edee9c8680d9f6201ecd4d5b9b28728b973401a738321fe94ecc64
SSDEEP

384:h681is6JpqLqtS2wIc9nIN344sEC2HaWWQ93sdWx:V1iVnqLqtbwIc9AI4syaICq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6f95838637ab4960b8a5e2d1342ec49

Files

f6f95838637ab4960b8a5e2d1342ec49
.exe windows:4 windows x86 arch:x86

fc9228ba8b1575ff8391ff285b450662

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A
WNetCancelConnection2A

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeleteService
StartServiceA
CloseServiceHandle
CreateServiceA
OpenServiceA
OpenSCManagerA
StartServiceCtrlDispatcherA

shell32

SHChangeNotify
ShellExecuteExA

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
gets
_splitpath
_mbsicmp
__p___argc
__p___argv
_mbsnbicmp
_iob
fprintf
fflush
printf
sprintf
_beginthread

kernel32

LocalFree
WaitNamedPipeA
CreateFileA
GetStdHandle
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterA
SetConsoleCursorPosition
ExitThread
TerminateProcess
ReleaseMutex
CreateThread
GetShortPathNameA
GetEnvironmentVariableA
lstrcpyA
lstrcatA
SetPriorityClass
GetCurrentThread
SetThreadPriority
SetProcessPriorityBoost
CreateEventA
SetConsoleCtrlHandler
GetComputerNameA
FormatMessageA
GetCurrentProcessId
SetConsoleTitleA
Sleep
SetLastError
GetCurrentDirectoryA
GetLastError
SetEvent
OpenEventA
InterlockedDecrement
CloseHandle
DisconnectNamedPipe
WriteFile
ReadFile
InterlockedIncrement
GetModuleFileNameA
ConnectNamedPipe
CreateNamedPipeA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CopyFileA
GetTempPathA
GetSystemDirectoryA
GetCurrentProcess

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc9228ba8b1575ff8391ff285b450662

Headers

File Characteristics

Imports

mpr

advapi32

shell32

msvcrt

kernel32

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1000B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1000B