00b6c954b661a3cbdb5e73f4ac60d847 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00b6c954b661a3cbdb5e73f4ac60d847
Size

2.5MB
MD5

00b6c954b661a3cbdb5e73f4ac60d847
SHA1

ef4b94344de467f0813d85f8edb449f6d2ed760b
SHA256

e220995354912ba4e705283b3da336d86f1bd7ef0230eb62b7deba6aeffd08ab
SHA512

b991711dfd8948da6139355b7dd62931793e03df09e7171929624d6bf362e317f3eae1b63f29be0c916e2fff349d73834188983092e840520caa5980222d92af
SSDEEP

24576:qiz7+Qp3QlRP177wKYpBGPRiXnDkdb+V7qZ+2qROd3mSXx/uoZDJIzj7zRt:JPk1nwKWGoXnwd+GZZd3mSXpZDqz/zn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00b6c954b661a3cbdb5e73f4ac60d847

Files

00b6c954b661a3cbdb5e73f4ac60d847
.exe windows:4 windows x86 arch:x86

9913aafd2f0e148f51d8bd32839a7f4b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceExA
LoadLibraryExA
GetCurrentProcess
GetNumberFormatW
QueryDosDeviceW
GetTapeParameters
GetSystemDirectoryW
SetStdHandle
VirtualQueryEx
GetSystemTimeAsFileTime
CreateDirectoryExA
ExitProcess
VirtualFree

user32

SetWindowRgn
GetKeyboardLayoutNameW
SetMenuItemBitmaps
OemToCharA
RegisterClipboardFormatW
EnableWindow

ole32

StgSetTimes
ReadClassStm

advapi32

CryptReleaseContext
LogonUserA
QueryServiceStatus
RegConnectRegistryW
RegReplaceKeyW
ChangeServiceConfigA
BuildTrusteeWithNameW
RegDeleteKeyW
AccessCheck
IsValidSid
SetSecurityDescriptorDacl
GetLengthSid
RegQueryValueA
RevertToSelf
CloseEventLog
CryptEncrypt
GetUserNameW
RegEnumKeyExW
RegOpenKeyExA
PrivilegeCheck
AllocateLocallyUniqueId

comctl32

ImageList_GetImageInfo
PropertySheetW
ImageList_AddMasked

Sections

.text
Size: 691KB - Virtual size: 691KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ