06b71d7b8377188cb2662e6280e74bc6

Sharing

Copy URL

Twitter E-mail

General

Target

06b71d7b8377188cb2662e6280e74bc6
Size

59KB
MD5

06b71d7b8377188cb2662e6280e74bc6
SHA1

160cde7291c295e95cced0f15c07fd193eb165c2
SHA256

5b99e4cd54b24939bad166279941113c8c24bd2946bbc1abff4330453a29d90e
SHA512

993edcabae13f82d326c64a4700c8677c5abd137763a45ebc1ad21dfaeebc297fc8a58fc9a8401ab4aa1e24c6b0ebf8dcd12d037da6e981fe3b4a19701e7efcc
SSDEEP

1536:wiXJBCyOIVHy8FdSukyJihOs1KrAovXfIS7VBc:wavCyOoQLdw3vXgR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06b71d7b8377188cb2662e6280e74bc6

Files

06b71d7b8377188cb2662e6280e74bc6
.exe windows:4 windows x86 arch:x86

004a432e30df88ee6572a7bbe4e48c34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsFileSpecA
ColorHLSToRGB
PathSearchAndQualifyA
PathStripToRootA
PathQuoteSpacesA
SHIsLowMemoryMachine
HashData
PathAppendA
SHRegOpenUSKeyA
StrIsIntlEqualA
AssocQueryStringA
StrSpnA
StrToIntExA
SHCreateStreamWrapper
PathGetDriveNumberA
SHRegEnumUSKeyA
SHRegCreateUSKeyA
PathIsRelativeA
UrlCombineA
UrlGetLocationA
UrlIsOpaqueA
StrRChrIA
PathFileExistsA
SHAutoComplete
PathFindOnPathA
PathMakePrettyA
PathCommonPrefixA
StrChrIA
StrCSpnA
SHRegWriteUSValueA
SHDeleteValueA
PathRemoveBlanksA
PathIsUNCA

kernel32

GetFileAttributesExA
WriteProcessMemory
ResetEvent
WriteFileGather
CreateNamedPipeA
RequestDeviceWakeup
GetTimeZoneInformation
GenerateConsoleCtrlEvent
SetConsoleOutputCP
_lclose
GetVersionExA
WinExec
FreeLibrary
FlushInstructionCache
GetProcessHeaps
GetExitCodeThread
EraseTape
GetFileTime
BackupSeek
DebugActiveProcess
FatalExit
SetupComm
CreateMailslotA
TlsSetValue
GetOverlappedResult
GetTempPathA
OpenFileMappingA
GlobalUnlock
GetStdHandle
IsDBCSLeadByteEx
ReadConsoleOutputA
WriteProfileStringA
LocalFree
SetDefaultCommConfigA
ReadConsoleA
FindNextChangeNotification
SetCommTimeouts
DisconnectNamedPipe
SetConsoleTextAttribute
OpenEventA
lstrlen
DeleteAtom
AreFileApisANSI
GetTickCount
UpdateResourceA
FindResourceA
EnumDateFormatsA
SetVolumeLabelA
Process32Next
GetUserDefaultLangID
lstrcmp
GetAtomNameA
QueryPerformanceCounter
IsProcessorFeaturePresent
GlobalFlags
CreateDirectoryExA
UnhandledExceptionFilter

advapi32

GetTrusteeTypeA

Sections

.ulol
Size: 22KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.voda
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nghwt
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xsbo
Size: 27KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

004a432e30df88ee6572a7bbe4e48c34

Headers

File Characteristics

Imports

shlwapi

kernel32

advapi32

Sections

.ulol Size: 22KB - Virtual size: 45KB

.voda Size: 5KB - Virtual size: 10KB

.nghwt Size: 1024B - Virtual size: 1KB

.xsbo Size: 27KB - Virtual size: 132KB

.rsrc Size: 2KB - Virtual size: 4KB

.ulol
Size: 22KB - Virtual size: 45KB

.voda
Size: 5KB - Virtual size: 10KB

.nghwt
Size: 1024B - Virtual size: 1KB

.xsbo
Size: 27KB - Virtual size: 132KB

.rsrc
Size: 2KB - Virtual size: 4KB