6855bb59597a856c992af6999983915d

Sharing

Copy URL Twitter E-mail

General

Target

6855bb59597a856c992af6999983915d
Size

248KB
MD5

6855bb59597a856c992af6999983915d
SHA1

8e10511423b35aa475b25b92e95ad0a6117695f6
SHA256

3a17da79a4a42571e4ccfdc4b84664cac337aa5d7249e9995ef1f5045f1ac0f3
SHA512

f88c8b99ebee3ce827b8c70f0108c074b8c198666e1ad9cf0ebaabc0e5c26e0be513c2d8d661c660907df71301618597f1958f143f72e367c19e61ff660da5bb
SSDEEP

1536:0jVho+nxDg5w7HRxKXqYkbu/GTh3LEFbhdFAUXZutll+ymKMBp4EhqrK1ye:0jVGSDkIbbu/0hHUXstll+ymKY3C9e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6855bb59597a856c992af6999983915d

Files

6855bb59597a856c992af6999983915d
.exe windows:4 windows x86 arch:x86

c19e2860e8d60bd5c41aace15c5b272b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa
WSACleanup

kernel32

GetTimeZoneInformation
CreateFileA
ReadFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetLocaleInfoA
IsBadCodePtr
IsBadReadPtr
VirtualQuery
InterlockedExchange
LoadLibraryA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
VirtualProtect
GetSystemTime
CreateThread
GetSystemDirectoryA
MoveFileA
DeleteFileA
lstrlenA
GetModuleFileNameA
GetSystemInfo
SetEndOfFile
CompareStringW
CompareStringA
SetEnvironmentVariableA
SetFilePointer
RaiseException
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
HeapSize
HeapReAlloc
ExitProcess
RtlUnwind
GetFileAttributesA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLastError
FindFirstFileA
FindNextFileA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
SetUnhandledExceptionFilter
GetACP
GetOEMCP
GetCPInfo
CloseHandle
GetProcAddress
TerminateProcess
GetCurrentProcess

user32

GetSystemMetrics
EndDialog
ShowWindow
SendMessageA
PostQuitMessage
DialogBoxParamA
DrawTextA
CreateWindowExA
RegisterClassExA
LoadBitmapA
LoadStringA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
DestroyWindow
BeginPaint
GetDC
EndPaint
DefWindowProcA
UpdateWindow

gdi32

GetObjectA
SelectObject
CreateDIBSection
DeleteDC
BitBlt
CreateBitmap
SetBkColor
SetTextColor
StretchBlt
CreateFontA
DeleteObject
CreateCompatibleDC

shell32

ShellExecuteA

wininet

InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState

winmm

timeGetTime

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c19e2860e8d60bd5c41aace15c5b272b

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

shell32

wininet

winmm

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 176KB - Virtual size: 172KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 176KB - Virtual size: 172KB