06d460fab47d320491f80ce3a90b899e

Sharing

Copy URL Twitter E-mail

General

Target

06d460fab47d320491f80ce3a90b899e
Size

424KB
MD5

06d460fab47d320491f80ce3a90b899e
SHA1

904a7be042da8e5a9535690a72c08c4799aedf85
SHA256

0b7b478c254f1777f2c7cbbb018426f792be0736577ef3e18a2be59c2ec6b8e6
SHA512

c96b46df36974ebe2e5e031a963714819c29dac8dd8bddd94ff36026865d500328804b0203a913ac898094caecada711e85df4a38cf64ea480508b0d54cb0d7d
SSDEEP

12288:+hcVbRUDy9A3W43G0llvnbSmPNahLc8U:+KVWDGA31G0lxbrPYL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06d460fab47d320491f80ce3a90b899e

Files

06d460fab47d320491f80ce3a90b899e
.exe windows:4 windows x86 arch:x86

f39f1b0eff3bb0db2a26fef43a5e604b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

BuildTrusteeWithSidW
AddAce
ElfClearEventLogFileA
ElfCloseEventLog
AdjustTokenPrivileges
SetEntriesInAccessListW
GetAccessPermissionsForObjectW
LookupPrivilegeDisplayNameA
LsaNtStatusToWinError
RegDeleteKeyA
BuildImpersonateTrusteeW
CryptDecrypt
ElfReadEventLogA
GetAccessPermissionsForObjectA
LsaLookupPrivilegeValue
GetEffectiveRightsFromAclW
CryptEncrypt

shell32

SHFileOperationA
SHGetDiskFreeSpaceA
SHGetSpecialFolderPathA
SHGetPathFromIDListW
ShellExecuteExA

gdi32

GetMetaRgn
GetViewportExtEx
EnumFontsW
GetColorSpace
GetPixelFormat
SetWindowOrgEx
GetWorldTransform
GetMiterLimit
CreateDIBSection
GetDeviceCaps
GetStretchBltMode
GetPolyFillMode
StartPage
GdiPlayScript
FlattenPath
GetObjectType
GetGraphicsMode

user32

GetClipboardFormatNameW
DefMDIChildProcA
GetDlgCtrlID
CreateDialogIndirectParamW
CharPrevW
DlgDirListW
EnumWindowStationsA
BroadcastSystemMessageA

kernel32

GetCommandLineA
VirtualFree
ReadConsoleW
SetConsoleNumberOfCommandsA
Sleep
EscapeCommFunction
OutputDebugStringW
RequestWakeupLatency
GetConsoleWindow
lstrcmpW
CreateFileMappingW
GetTempFileNameA
GetVersion
SetLocaleInfoA
WriteConsoleOutputW
WriteProfileSectionW
GetConsoleHardwareState
GetCurrentProcess
lstrcmpiA
GetAtomNameA
Beep
GetCurrentProcessId
GetWindowsDirectoryA
OpenMutexW
LocalHandle
VirtualAlloc
DeviceIoControl
HeapSummary
GetModuleHandleA
GetStartupInfoA
ExitProcess
GetQueuedCompletionStatus
EnumSystemCodePagesA
ConvertDefaultLocale
SetConsoleTitleW

msvcrt

_safe_fdivr
__p___initenv
_i64tow
_commit
_atoi64
_pctype
strftime
_mbctolower
strcat
wcstok
fmod
_mbctombb
gets
_wtempnam
pow
_heapadd
_wcsrev
_ecvt
_amsg_exit
_inp
wcschr
_initterm
iswprint
_adj_fpatan
_execl
iswcntrl
_CIexp
_ltoa
_execle
_timezone
_except_handler2

ole32

OleSetAutoConvert
CoGetMarshalSizeMax
CoRegisterClassObject
CoUnloadingWOW
UtConvertDvtd32toDvtd16
StgSetTimes
CreateStreamOnHGlobal
CoMarshalInterface
EnableHookObject
CoDosDateTimeToFileTime
IsEqualGUID
CoLockObjectExternal
CLSIDFromProgID
OleLoad

comdlg32

PageSetupDlgA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nxt
Size: 319KB - Virtual size: 650KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rqp
Size: 96KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 810B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f39f1b0eff3bb0db2a26fef43a5e604b

Headers

File Characteristics

Imports

advapi32

shell32

gdi32

user32

kernel32

msvcrt

ole32

comdlg32

Sections

.text Size: 7KB - Virtual size: 6KB

.nxt Size: 319KB - Virtual size: 650KB

.rqp Size: 96KB - Virtual size: 316KB

.reloc Size: 1024B - Virtual size: 810B

.text
Size: 7KB - Virtual size: 6KB

.nxt
Size: 319KB - Virtual size: 650KB

.rqp
Size: 96KB - Virtual size: 316KB

.reloc
Size: 1024B - Virtual size: 810B