67ec5fc650eb6ba654443aa22d1bbc8f

Sharing

Copy URL Twitter E-mail

General

Target

67ec5fc650eb6ba654443aa22d1bbc8f
Size

360KB
MD5

67ec5fc650eb6ba654443aa22d1bbc8f
SHA1

0a52a24354d08fd3a9be9e786e98882b06d18fe9
SHA256

354e773da8e43d73b4bee4c2a057f7c68e7d4e4abc10b848ffcaa8b0d181275d
SHA512

f39f18fe914c913d613bc125bfce6600769e4d07ce53f492352fda6c7336c8a34ce2bcaf46638fba90b68b252967b108a9446b148781b865c6d3227567d9b592
SSDEEP

6144:y5Ek8Ji1ENcO1KMV94nW5ov7F7mRTVY0Quq+YnOmfk6yNhhHvOE+zFf4I:y5ECENcO1TV2nWwMVQuryk6YzHQzn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67ec5fc650eb6ba654443aa22d1bbc8f

Files

67ec5fc650eb6ba654443aa22d1bbc8f
.exe windows:4 windows x86 arch:x86

c6e2fe27e98efb6ef2316501cdd89669

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
WideCharToMultiByte
FindClose
GetFileSize
GetVersionExA
MultiByteToWideChar
lstrcpyA
CreateDirectoryA
FindFirstFileA
GetFileAttributesA
lstrcpynA
lstrcpynW
GetFileAttributesW
GetModuleFileNameW
lstrlenW
GetPrivateProfileStringW
OutputDebugStringA
WriteFile
FreeLibrary
LoadLibraryA
LocalFree
DeviceIoControl
GetDriveTypeA
GetVolumeInformationA
SetEvent
CreateFileMappingA
GetExitCodeThread
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
CreateThread
CreateEventA
GetLastError
LeaveCriticalSection
EnterCriticalSection
SetEndOfFile
InitializeCriticalSection
SetLastError
CreateSemaphoreA
CreateFileW
ReadFile
GetProcAddress
ReleaseMutex
DeleteFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
DeleteCriticalSection
GetStdHandle
GetModuleHandleA
GetComputerNameA
lstrlenA
GetWindowsDirectoryA
FindNextFileA
FormatMessageA
ReleaseSemaphore
SetFilePointer
WaitForSingleObject
GetTempFileNameA
OpenProcess
GetModuleFileNameA
CreateProcessA
CopyFileA
RemoveDirectoryA
DeleteFileA
GetTempPathA
lstrcmpiA
GetCurrentProcessId
CloseHandle
Sleep
CreateFileA
CreateMutexA
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
RaiseException
GetStartupInfoA
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
ExitThread
ExitProcess

user32

MessageBoxW
IsWindowEnabled
MapWindowPoints
UpdateWindow
EnableWindow
GetSystemMetrics
GetWindowLongA
AdjustWindowRect
LoadIconA
DispatchMessageA
InvalidateRect
SetWindowLongA
OffsetRect
PeekMessageA
ChildWindowFromPoint
wvsprintfA
GetActiveWindow
SetFocus
CopyRect
PostThreadMessageA
MessageBoxA
wsprintfA
LoadCursorA
GetDlgCtrlID
ReleaseDC
SetWindowTextA
PostMessageA
wsprintfW
DestroyWindow
CreateWindowExA
GetMessageA
RegisterClassA
ShowWindow
SetWindowPos
DefWindowProcA
GetWindowDC
GetWindowRect
TranslateMessage
IsDialogMessageA

gdi32

DeleteDC
CreateDIBSection
GetDIBits
DeleteObject
SelectObject
BitBlt
CreateCompatibleDC

advapi32

RegQueryValueW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
RegOpenKeyExW
RegSetValueExW
RegSetValueA
RegOpenKeyExA
FreeSid
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
GetUserNameA
RegSetValueExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFolderPathW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoUninitialize
StringFromIID
CoTaskMemFree
CLSIDFromProgID
OleSetContainedObject
OleCreate
CoCreateGuid

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantCopy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
VariantInit
SysFreeString
SysStringLen
SysAllocStringLen

wsock32

send
closesocket
WSAStartup
WSACleanup
gethostbyname
inet_ntoa
connect
ioctlsocket
select
WSAGetLastError
htons
recv
socket

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

shlwapi

UrlGetPartA
PathAppendW
SHDeleteKeyA

sensapi

IsNetworkAlive

wininet

InternetGetLastResponseInfoA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
HttpOpenRequestA
InternetCombineUrlA
InternetReadFile
InternetConnectA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetGetConnectedState

urlmon

CoInternetGetSession

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6e2fe27e98efb6ef2316501cdd89669

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wsock32

version

shlwapi

sensapi

wininet

urlmon

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 16KB - Virtual size: 35KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 16KB - Virtual size: 35KB

.rsrc
Size: 4KB - Virtual size: 3KB