06f6b7848afef2e36c011dd8004aa2ee

Sharing

Copy URL Twitter E-mail

General

Target

06f6b7848afef2e36c011dd8004aa2ee
Size

272KB
MD5

06f6b7848afef2e36c011dd8004aa2ee
SHA1

fb9692c247c527eba373e61007eff56f7b3a180b
SHA256

e3ce419cc84a6cf97c8c3fbd49a0b31fbb40d1c9217d5f364c922dee2e415ef8
SHA512

8642d7dd5577a3e0f276b67d3ff9b465d2d7a76c75a287fd4b879c73d2b29400eb54609bea2808fa6dba3dbc587c00b5d71deb4dae6d24f252a3858c273ac01d
SSDEEP

6144:Sip8maheMr5g6UbmsQ9ANEo78pgK8zA5dVKAOJ0BuLo:Si2ma0Vm9SEoApgK8zA5dVK/L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06f6b7848afef2e36c011dd8004aa2ee

Files

06f6b7848afef2e36c011dd8004aa2ee
.dll windows:4 windows x86 arch:x86

866701c2e0859e3fa3d691dd0e39bfd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
GetCurrentProcess
WriteProcessMemory
Sleep
VirtualProtect
QueryPerformanceCounter
CreateThread
DisableThreadLibraryCalls
GetModuleFileNameA
ExitProcess
WritePrivateProfileStringA
GetPrivateProfileIntA
VirtualQuery
HeapAlloc
GetProcessHeap
CloseHandle
FlushFileBuffers
ReadFile
GetLocaleInfoW
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetSystemInfo
VirtualAlloc
LoadLibraryA
InterlockedExchange
InitializeCriticalSection
SetFilePointer
GetOEMCP
GetACP
IsBadCodePtr
IsBadWritePtr
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TerminateProcess
IsBadReadPtr
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
RaiseException
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter

user32

GetAsyncKeyState
wsprintfA

tier0

Msg
g_VProfCurrentProfile
?EnterScope@CVProfNode@@QAEXXZ
?ExitScope@CVProfNode@@QAE_NXZ
Error
?GetSubNode@CVProfNode@@QAEPAV1@PBDH0H@Z
GetCPUInformation
g_pMemAlloc

vstdlib

RandomSeed
Q_strncpy
Q_snprintf
RandomFloat
KeyValuesSystem
Q_strnicmp

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

866701c2e0859e3fa3d691dd0e39bfd0

Headers

File Characteristics

Imports

kernel32

user32

tier0

vstdlib

Sections

.text Size: 196KB - Virtual size: 194KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 12KB - Virtual size: 210KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 196KB - Virtual size: 194KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 12KB - Virtual size: 210KB

.reloc
Size: 20KB - Virtual size: 18KB