Static task: static1
Behavioral task: behavioral1
  Sample: 6544a23fc79f2e18da16ae345d93b17d.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 6544a23fc79f2e18da16ae345d93b17d.exe
  Resource: win10v2004-20231215-en
General
Target: 6544a23fc79f2e18da16ae345d93b17d
Size: 368KB
MD5: 6544a23fc79f2e18da16ae345d93b17d
SHA1: 9b68248234000da4f7c7a44128e7a4987847eae2
SHA256: 5585ec1131020485795a4143e7cfc0d745f7fb9329ef193e78e33408a7d87a15
SHA512: 0ff4c1fcb2e14fe438daaa636c52ed27f64326b1b4652a45d312dce7cba7b0e480013e0384a322f88727903906efbaeb853444b96fb86fcc5a4b9b793747964c
SSDEEP: 6144:biB6xHVEa6MfzBYNMnp/IpjrPEHnLg+XUHgme9krbzsPYvADMGc5OwY:LxHVXSi18jsLB1grbaWwMbpY
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 6544a23fc79f2e18da16ae345d93b17d
Files
6544a23fc79f2e18da16ae345d93b17d.exe  windows:4  windows x86  arch:x86
4b6145ba3fabbb7427be4c7f1441f2cc
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
GetComputerNameA
Sleep
GetTempPathA
GetModuleFileNameA
CloseHandle
CreateFileA
WideCharToMultiByte
lstrlenW
RaiseException
MultiByteToWideChar
GetTickCount
lstrcmpiA
GetTimeZoneInformation
GetLocalTime
GetTimeFormatA
GetDateFormatA
ReadFile
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
GetLastError
InterlockedIncrement
FreeLibrary
IsDBCSLeadByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetCurrentThreadId
GetFileAttributesA
GetCurrentProcess
GetSystemTime
FindNextFileA
FindFirstFileA
ExitProcess
lstrcmpA
Module32Next
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
GetProcessHeap
HeapFree
IsBadReadPtr
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryA
GetProcAddress
GetShortPathNameA
lstrcatA
GetEnvironmentVariableA
lstrlenA
lstrcpyA
InterlockedDecrement
SetEndOfFile
CreateFileW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
TlsSetValue
TlsAlloc
TlsGetValue
HeapSize
HeapCreate
HeapDestroy
GetCPInfo
LCMapStringW
LCMapStringA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
GetFileType
GetStdHandle
SetHandleCount
SetLastError
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteFileA
GetSystemInfo
VirtualQuery
GetCommandLineA
GetStartupInfoA
TlsFree
user32
UnregisterClassA
CharNextA
wsprintfA
advapi32
GetUserNameA
RegOpenKeyA
RegQueryValueA
OpenProcessToken
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
ole32
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarBstrCmp
SysAllocStringLen
VarBstrCat
SysStringLen
SysFreeString
shlwapi
PathRemoveArgsA
PathUnquoteSpacesA
userenv
GetUserProfileDirectoryA
wsock32
send
select
recv
closesocket
htons
shutdown
connect
socket
gethostbyname
ioctlsocket
getservbyname
WSAStartup
WSACleanup
wininet
InternetConnectA
InternetOpenA
InternetCloseHandle
FtpSetCurrentDirectoryA
FtpPutFileA
Sections
.text   Size: 160KB - Virtual size: 156KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 36KB - Virtual size: 34KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 164KB - Virtual size: 193KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 4KB - Virtual size: 176B      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ