6a3d79f41ad61de63427c5baff49e005

Sharing

Copy URL

Twitter E-mail

General

Target

6a3d79f41ad61de63427c5baff49e005
Size

800KB
MD5

6a3d79f41ad61de63427c5baff49e005
SHA1

02c53f32e73727f140e2fc7de9c9e033e87f109d
SHA256

25b773d34fb3cdaf47d12efe8b83579c6134d612050542d87e529d0ca5191dc3
SHA512

15c0e27f6e80cb34e690959addc47a9a169cc5eabf0251a05cfbeff188f28368582d45bb434c9888f134128b3ec094d3b955b6b47dca73491d9e04a8998c2710
SSDEEP

12288:LV3KhhWj6TCPmLpGGFk7ZioaZUp6I/nS049BV3KhhWj6TCPmLpGGFk7ZioaZUp6n:rj6smL+dAZE6Ignj6smL+dAZE6Ig

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

6a3d79f41ad61de63427c5baff49e005

resource
6a3d79f41ad61de63427c5baff49e005

Files

6a3d79f41ad61de63427c5baff49e005
.dll windows:4 windows x86 arch:x86

ec6233bbd99d1fc843fa65ec2c569af4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetDateFormatW
FindResourceW
LoadResource
QueryPerformanceCounter
GetModuleHandleW
OpenProcess
GetSystemDirectoryW
LoadLibraryW
Sleep
GetVersionExW
GetModuleFileNameW
CreateFileW
GetCurrentDirectoryW
GetProcAddress
VirtualProtectEx
GetCurrentThreadId
GetSystemTime
GetVolumeInformationW
FlushFileBuffers
CloseHandle
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
RtlUnwind
LoadLibraryA
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
DebugBreak
WriteFile
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
GetOEMCP
GetACP
ExitProcess
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
GetLastError
GetModuleFileNameA
FatalAppExitA
LeaveCriticalSection
EnterCriticalSection
HeapValidate
IsBadReadPtr
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection

user32

UnhookWinEvent
SetWinEventHook

ole32

OleUninitialize
OleSetContainedObject
OleInitialize

uxtheme

GetThemeBackgroundRegion
CloseThemeData
GetThemeTextExtent
OpenThemeData
DrawThemeBackground

oleacc

GetOleaccVersionInfo
AccessibleObjectFromPoint
WindowFromAccessibleObject

pdh

PdhSelectDataSourceW
PdhGetDefaultPerfObjectHW
PdhGetDefaultPerfObjectW
PdhGetFormattedCounterArrayW
PdhEnumObjectsW
PdhExpandWildCardPathW
PdhReadRawLogRecord
PdhGetCounterTimeBase
PdhBindInputDataSourceW
PdhEnumLogSetNamesW
PdhUpdateLogFileCatalog
PdhEnumObjectsHW
PdhGetCounterInfoW
PdhExpandCounterPathW
PdhConnectMachineW
PdhCloseQuery
PdhGetRawCounterArrayW
PdhGetDataSourceTimeRangeH
PdhUpdateLogW
PdhEnumMachinesW
PdhOpenLogW
PdhCollectQueryDataEx
PdhGetRawCounterValue
PdhEnumObjectItemsHW
PdhGetDefaultPerfCounterHW
PdhAddCounterW
PdhCreateSQLTablesW
PdhSetLogSetRunID
PdhOpenQueryW
PdhExpandWildCardPathHW
PdhGetFormattedCounterValue
PdhParseInstanceNameW
PdhSetQueryTimeRange
PdhRemoveCounter
PdhGetDataSourceTimeRangeW
PdhCalculateCounterFromRawValue
PdhCloseLog
PdhGetLogSetGUID
PdhFormatFromRawValue
PdhLookupPerfNameByIndexW
PdhLookupPerfIndexByNameW
PdhGetDllVersion
PdhGetLogFileSize
PdhComputeCounterStatistics
PdhBrowseCountersW
PdhEnumObjectItemsW
PdhBrowseCountersHW
PdhVerifySQLDBW
PdhGetDefaultPerfCounterW
PdhSetCounterScaleFactor
PdhParseCounterPathW
PdhValidatePathW
PdhMakeCounterPathW
PdhEnumMachinesHW
PdhSetDefaultRealTimeDataSource
PdhOpenQueryH

Exports

Exports

Broke
Necessaryearly

Sections

.text
Size: 372KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec6233bbd99d1fc843fa65ec2c569af4

Headers

File Characteristics

Imports

kernel32

user32

ole32

uxtheme

oleacc

pdh

Exports

Exports

Sections

.text Size: 372KB - Virtual size: 368KB

.data Size: 8KB - Virtual size: 84KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 372KB - Virtual size: 368KB

.data
Size: 8KB - Virtual size: 84KB

.reloc
Size: 16KB - Virtual size: 15KB