6620ec1f02d5d7797df7f4dc66c862fb

Sharing

Copy URL Twitter E-mail

General

Target

6620ec1f02d5d7797df7f4dc66c862fb
Size

220KB
MD5

6620ec1f02d5d7797df7f4dc66c862fb
SHA1

4108b281bf50ec79090dfd6a9c49ca8c75457712
SHA256

db9e9e862fe37baa312a583934e641a90dd4a586e521c6cd218dd526f18e84db
SHA512

584cfc014e11e42e8fcbc9473c72fb6ab6b26294cd5c7d39bc7fd2faa7e27db02dedeae3354a98a6baa6406725fb18a85bcca216b63c2e8f8c39b9cc88dd2819
SSDEEP

6144:78B2FEfcyGSOnbbDwMKMXDROfGb1/MqqDLuN:u/3GbUM3TqnuN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6620ec1f02d5d7797df7f4dc66c862fb

Files

6620ec1f02d5d7797df7f4dc66c862fb
.dll windows:4 windows x86 arch:x86

cdd1af59a8e14ecca40ca9e38531d0fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
ResumeThread
TlsGetValue
TlsSetValue
FormatMessageA
GetSystemInfo
InterlockedExchange
GetModuleHandleA
GetFileSize
MoveFileExA
LocalAlloc
LocalLock
LocalUnlock
LocalFree
LoadLibraryA
FreeLibrary
CreateDirectoryA
GetProcAddress
MultiByteToWideChar
SetErrorMode
LoadLibraryExA
GetSystemDirectoryA
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
InterlockedCompareExchange
Sleep
CloseHandle
GetCurrentProcessId
GetTickCount
CopyFileW
IsDBCSLeadByte
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LocalReAlloc
lstrcpynA
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
WideCharToMultiByte
IsDBCSLeadByteEx
SearchPathW
WriteFile
CreateFileW
GetFullPathNameW
lstrcpyW
GetSystemDirectoryW
MulDiv
lstrlenA
DeleteFileW
GetTempFileNameW
GetTempPathW
WaitForSingleObject
ReleaseMutex
DeviceIoControl
CreateFileA
GetProcessHeap
ReleaseSemaphore
VirtualProtect
GetFileSizeEx
GetCommandLineA

user32

ReleaseDC
MessageBoxA
IntersectRect
CharUpperBuffA
GetDC

advapi32

RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

ole32

CoFreeLibrary

msvcrt

sprintf
malloc
_vsnprintf
fclose
free
vfprintf
memcpy
memset
_except_handler3
__CxxFrameHandler
isspace
isalnum
fflush
wcsstr
wcscpy
mbstowcs
wcscmp
qsort
swprintf
wcslen
_stricmp
vsprintf
strncat
putc
fprintf
fputs
wcscat
strchr
_adjust_fdiv
_vsnwprintf
strtoul
_initterm
_fsopen

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdd1af59a8e14ecca40ca9e38531d0fa

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcrt

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 16KB - Virtual size: 58KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 16KB - Virtual size: 58KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 4KB