f6fcb764bbd3e7aa1394d1a4d95dc105

Sharing

Copy URL Twitter E-mail

General

Target

f6fcb764bbd3e7aa1394d1a4d95dc105
Size

144KB
MD5

f6fcb764bbd3e7aa1394d1a4d95dc105
SHA1

5e174efd92fe3b265042c8f911ed9d3f8e7706a3
SHA256

44d81c91a122d7f22143a2f622ce7add420cbeb948dce5ba80837df9f24539f4
SHA512

e3babcc87ee50828bee3f0358f43a2cfec1ab321bf9282840a180e29638496a69a8f2548feb9b200bfdaba1e641928988cbb99d1b7ac5280c47f4fb85710c81b
SSDEEP

3072:svIbSf+NARFGr9P75lKfyASruAzXpbbRj43RiIl9/9pIawNi4g:svIWf+SRF69PmdSrBzZbtj4gc/9Gawob

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6fcb764bbd3e7aa1394d1a4d95dc105

Files

f6fcb764bbd3e7aa1394d1a4d95dc105
.dll windows:4 windows x86 arch:x86

9f531556602fe53353973f6a1d3a9ad6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenEventA
LeaveCriticalSection
GetVolumeInformationA
OpenFileMappingA
Sleep
InterlockedIncrement
GetProcessHeap
HeapFree
TerminateProcess
InterlockedDecrement
CreateMutexW
LoadLibraryA
GetCurrentProcess
WaitForSingleObject
EnterCriticalSection
CreateEventA
LocalFree
CopyFileA
GetModuleFileNameA
GetCommandLineA
MapViewOfFile
UnmapViewOfFile
GetTickCount
GetModuleHandleA
CreateProcessA
InterlockedCompareExchange
CreateDirectoryA
GlobalFree
GetComputerNameA
CloseHandle
CreateFileA
WriteProcessMemory
GetProcAddress
HeapAlloc
SetLastError
GetLastError
GlobalAlloc
WriteFile
CreateFileMappingA
ReadProcessMemory
ExitProcess

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoSetProxyBlanket
OleCreate
CoUninitialize
OleSetContainedObject

user32

DefWindowProcA
DestroyWindow
ScreenToClient
CreateWindowExA
GetWindowThreadProcessId
SetWindowsHookExA
SetWindowLongA
GetWindow
GetWindowLongA
FindWindowA
KillTimer
ClientToScreen
DispatchMessageA
GetMessageA
RegisterWindowMessageA
GetParent
SetTimer
GetSystemMetrics
PostQuitMessage
TranslateMessage
SendMessageA
PeekMessageA
GetCursorPos
GetClassNameA
PostMessageA
UnhookWindowsHookEx

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

SetTokenInformation
DuplicateTokenEx
OpenProcessToken
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
GetUserNameA

shell32

SHGetFolderPathA

Exports

Exports

SystemNetCmds

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f531556602fe53353973f6a1d3a9ad6

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB