06021b9930c82bf692355e3f45c51a73

Sharing

Copy URL Twitter E-mail

General

Target

06021b9930c82bf692355e3f45c51a73
Size

41KB
MD5

06021b9930c82bf692355e3f45c51a73
SHA1

862084f86deb98a117792603e40e442cac68749c
SHA256

8b695eb89505811a6d1d03b96a9b91972c199706bb836c56191d2e1c97809af7
SHA512

a1cdb96f49a5741868f6645de0791c44b4c89e6a8bfd73ab24d23ca9aed9bf8c50eea0f5f1a8d3c3be36703a39c863fec6864cfe9b51ab45aca726db0725486e
SSDEEP

768:5cT464ScYa72IjEZFySxi0Z04Byr7hdDDXxGyPodEy:5cT46m72s6FyJRdZPodEy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06021b9930c82bf692355e3f45c51a73

Files

06021b9930c82bf692355e3f45c51a73
.exe windows:6 windows x86 arch:x86

fa30476411854b458668bd8e2375a776

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW

kernel32

HeapAlloc
lstrlenA
HeapFree
lstrcatA
Process32Next
GetComputerNameA
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
Sleep
SetEvent
VirtualAlloc
MultiByteToWideChar
CreateDirectoryW
CopyFileW
DeleteFileW
SetLastError
GetLastError
lstrlenW
CreateEventA
IsBadReadPtr
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateProcessW
DuplicateHandle
CreateRemoteThread
CreateToolhelp32Snapshot
GetProcessVersion
GetCommandLineA
CreateMutexA
GetCurrentProcessId
OpenProcess
TerminateProcess
GetProcessHeap
lstrcatW
GetModuleFileNameW
lstrcpyW
VirtualQuery
InitializeCriticalSection
CreateFileMappingA
MapViewOfFile
CreateThread
IsProcessorFeaturePresent
ReadProcessMemory
lstrcmpiA
WideCharToMultiByte
VirtualFree
lstrcmpA
SuspendThread
CreateFileW
WriteFile
TerminateThread
ResumeThread
UnhandledExceptionFilter
Process32First
GetVersionExA
GetSystemInfo
GetModuleHandleA
GetProcAddress
LoadLibraryA
CloseHandle
GetCurrentProcess
lstrcpyA
GetTickCount
SetUnhandledExceptionFilter
ExitProcess
VirtualQueryEx

user32

TranslateMessage
DispatchMessageA
GetSystemMetrics
wsprintfA
wsprintfW
CreateWindowExA
GetMessageA
DefWindowProcA
RegisterClassExA

advapi32

AdjustTokenPrivileges
OpenProcessToken
GetUserNameA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegSetValueExW
RegNotifyChangeKeyValue
RegDeleteKeyA
LookupPrivilegeValueA

ole32

CoCreateGuid

urlmon

ObtainUserAgentString

wininet

HttpSendRequestA
InternetGetCookieA
InternetOpenUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA

shlwapi

StrCmpNIA
StrStrA

rpcrt4

UuidToStringA

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa30476411854b458668bd8e2375a776

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

user32

advapi32

ole32

urlmon

wininet

shlwapi

rpcrt4

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 1024B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 1024B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB