0f6e684d04a5e0fa73c2eebdc96f613f

Sharing

Copy URL Twitter E-mail

General

Target

0f6e684d04a5e0fa73c2eebdc96f613f
Size

437KB
MD5

0f6e684d04a5e0fa73c2eebdc96f613f
SHA1

af437db053e39733a6d5e12c0cca2e41b8591f22
SHA256

8ff061e7bc0390831994b893a4cd5519a3b6885f88f3ef9b29e8fffca48e7546
SHA512

5bbfc31d3e379b1b0d7b9fbce59257b8b5a93f6263a40ae85cc447ead2226cc48fb826ec987f5e868064cb295fb93975cec98f7d6d99a79304ed3f1cd118d786
SSDEEP

6144:64JfaCxBrnBBo8ttUpKF/6AK5NMv9t51qSL4exw695ddXiDXP7mp0:PvTvo8tipZlNeLRLm6bd0XP7b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f6e684d04a5e0fa73c2eebdc96f613f

Files

0f6e684d04a5e0fa73c2eebdc96f613f
.exe windows:4 windows x64 arch:x64

75ead2903766fc716e49a6e1100ad814

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

cygwin1

__assert_func
__cxa_atexit
__errno
__getreent
__locale_ctype_ptr
__locale_mb_cur_max
__main
_dll_crt0
_exit
_impure_ptr
abort
access
acl_delete_def_file
acl_extended_file
acl_free
acl_from_text
acl_get_file
acl_set_file
acl_to_text
atoi
atol
bsearch
btowc
calloc
chdir
chmod
chown
clock_gettime
close
closedir
cygwin_detach_dll
cygwin_internal
dirfd
dll_dllcrt0
dup
dup2
environ
error
execl
execlp
execv
execvp
exit
faccessat
fchdir
fchmod
fchmodat
fchown
fclose
fcntl
fdopen
fdopendir
fflush_unlocked
fgetxattr
fileno
flistxattr
flockfile
fopen
fork
fprintf
fputc
fputc_unlocked
fputs
fputs_unlocked
free
freopen
fscanf
fseeko
fstat
fstatat
fsync
ftello
ftruncate
funlockfile
futimens
fwrite
fwrite_unlocked
getc_unlocked
getcwd
getenv
geteuid
getgid
getgrgid
getgrnam
gethostbyname
getline
getpagesize
getpid
getpwnam
getpwuid
getrlimit
gettimeofday
getuid
getxattr
gmtime
gmtime_r
ioctl
isatty
iswalnum
iswcntrl
iswctype
iswprint
lchown
lgetxattr
linkat
listxattr
llistxattr
localeconv
localtime
localtime_r
lseek
lsetxattr
lstat
malloc
mbrtowc
mbsinit
mbsrtowcs
memchr
memcmp
memcpy
memmove
mempcpy
memrchr
memset
mkdirat
mkdtemp
mkfifoat
mknodat
nl_langinfo
open
openat
opendir
pathconf
pipe
posix_memalign
printf
program_invocation_name
program_invocation_short_name
putc_unlocked
putchar
puts
qsort
raise
read
readdir
readlinkat
realloc
renameat
rpmatch
setenv
setgid
setuid
setxattr
signal
sleep
snprintf
sprintf
stat
stpcpy
strcasecmp
strcat
strchr
strchrnul
strcmp
strcpy
strcspn
strdup
strerror
strerror_r
strftime
strlen
strncmp
strncpy
strndup
strrchr
strspn
strtoimax
strtok
strtol
strtoul
strtoumax
symlinkat
timegm
tolower
toupper
towlower
towupper
tzset
umask
unlinkat
unsetenv
utimensat
vasprintf
vfprintf
vsnprintf
waitpid
wcrtomb
wcscat
wcslen
wctype
wcwidth
wmemchr
wmemcpy
write

cygiconv-2

libiconv
libiconv_open

cygintl-8

libintl_bindtextdomain
libintl_dgettext
libintl_gettext
libintl_ngettext
libintl_setlocale
libintl_textdomain

kernel32

GetACP
GetModuleHandleA
GetProcAddress

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75ead2903766fc716e49a6e1100ad814

Headers

DLL Characteristics

File Characteristics

Imports

cygwin1

cygiconv-2

cygintl-8

kernel32

Sections

.text Size: 312KB - Virtual size: 312KB

.data Size: 12KB - Virtual size: 11KB

.rdata Size: 56KB - Virtual size: 56KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 11KB - Virtual size: 11KB

.xdata Size: 11KB - Virtual size: 11KB

.bss Size: - Virtual size: 5KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

/4 Size: 512B - Virtual size: 16B

.text
Size: 312KB - Virtual size: 312KB

.data
Size: 12KB - Virtual size: 11KB

.rdata
Size: 56KB - Virtual size: 56KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 11KB - Virtual size: 11KB

.xdata
Size: 11KB - Virtual size: 11KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

/4
Size: 512B - Virtual size: 16B