6fb859cc2c6a935e450cdb37aa968b68

Sharing

Copy URL Twitter E-mail

General

Target

6fb859cc2c6a935e450cdb37aa968b68
Size

546KB
MD5

6fb859cc2c6a935e450cdb37aa968b68
SHA1

e9f717504d8533b1ba5750dc41e1e3186bae816d
SHA256

2ee2ad48cea393f668a3869c370fc452809081191c5fc9f6093256a2bdf1318e
SHA512

43c5d622b31e81e6e165af107186120eb7437891d1e3a4eaa00fec97a4226670b77b7618550310cd0d8d754804dcae1198fe4d5cfac82206d7069decf79fdb5e
SSDEEP

12288:9ssrWZazEAPsTVTLgQTcFjq/UjRmTB/jK6MUeTs2W:qsruiE+sRRTy3jR+L4TnW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fb859cc2c6a935e450cdb37aa968b68

Files

6fb859cc2c6a935e450cdb37aa968b68
.exe windows:4 windows x86 arch:x86

2540bf6032613ea3339107089d8edd9c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strncpy
_strnicmp
strncmp
_strdup
free
memmove
strlen
strcpy
strcat
strstr
malloc
memcpy
memcmp
_stricmp
sscanf
strcmp
tolower
fread
longjmp
_setjmp3
sprintf
fabs
ceil
floor
fclose
abort
_snprintf
__p__iob
fprintf
_CIpow
strtod
fmod
sin
cos
abs

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
GetVersion
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GetVersionExA
LoadLibraryA
GetProcAddress
DeleteCriticalSection
CreateThread
GetCurrentThreadId
Sleep
HeapAlloc
HeapFree
HeapReAlloc
GetCurrentProcessId
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
GetEnvironmentVariableA
SetEnvironmentVariableA
PeekNamedPipe
ReadFile
GetLastError
CreateFileA
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
HeapSize
FreeLibrary
SetLastError
GetTempPathA
SetCurrentDirectoryA
GetDriveTypeA
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
MoveFileA
CopyFileA
WriteConsoleA
GlobalAlloc
GlobalFree
InterlockedCompareExchange
InterlockedExchange
WaitForMultipleObjects
GetCurrentThread
CreateSemaphoreA
ReleaseSemaphore

comctl32

InitCommonControls
CreateStatusWindowA
InitCommonControlsEx
ImageList_Destroy
ImageList_Remove
ImageList_AddMasked
ImageList_Create
ImageList_Add
ImageList_ReplaceIcon
ImageList_GetIconSize

user32

FindWindowA
ShowWindowAsync
GetShellWindow
GetWindowDC
ReleaseDC
GetDC
GetDesktopWindow
CharLowerA
CharUpperA
GetPropA
RemovePropA
FillRect
GetIconInfo
DrawStateA
GetParent
GetClientRect
SendMessageA
InvalidateRect
CallWindowProcA
SetPropA
SetWindowLongA
DestroyWindow
ShowWindow
IsZoomed
GetWindowLongA
MoveWindow
MessageBoxA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
SetWindowTextA
GetWindowTextLengthA
GetWindowTextA
GetSysColor
GetSysColorBrush
CreateWindowExA
ValidateRect
GetWindowRect
MapWindowPoints
RedrawWindow
ScreenToClient
SetWindowPos
UpdateWindow
ReleaseCapture
BeginPaint
EndPaint
SetCapture
GetSystemMetrics
DefWindowProcA
DrawFrameControl
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
LoadCursorA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
IsIconic
RegisterClassA
AdjustWindowRectEx
CreateAcceleratorTableA
GetMenu
SetCursorPos
LoadImageA
SetCursor
SystemParametersInfoA
GetKeyState
PostMessageA
GetCursorPos
SetFocus
GetFocus
IsChild
GetClassNameA
EnumChildWindows
DefFrameProcA
DestroyIcon
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx

gdi32

SetTextColor
SetBkColor
TextOutA
BitBlt
GetObjectA
GetObjectType
DeleteObject
IntersectClipRect
GetStockObject
CreatePen
SelectObject
MoveToEx
LineTo
CreateCompatibleBitmap
CreateDCA
CreateCompatibleDC
DeleteDC
StretchBlt
CreateDIBSection
CreateSolidBrush
SetDIBits
GdiSetBatchLimit
GdiGetBatchLimit
GetDIBits
CreateBitmap
SetPixel
GetTextExtentPoint32A
SetBkMode
SetTextAlign
SetStretchBltMode
SetBrushOrgEx
GetPixel
CreateFontIndirectA
GetTextMetricsA

advapi32

RegCreateKeyExA
RegConnectRegistryA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumValueA
RegQueryValueExA

ole32

CoInitialize
RevokeDragDrop

shell32

ShellExecuteExA

wsock32

closesocket
WSACleanup
WSAStartup
ioctlsocket
recvfrom
socket
inet_addr
gethostbyname
htons
connect
recv
send
sendto
WSAGetLastError

winmm

timeBeginPeriod
timeEndPeriod

Sections

.code
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 284KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2540bf6032613ea3339107089d8edd9c

Headers

File Characteristics

Imports

msvcrt

kernel32

comctl32

user32

gdi32

advapi32

ole32

shell32

wsock32

winmm

Sections

.code Size: 20KB - Virtual size: 20KB

.text Size: 212KB - Virtual size: 211KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 284KB - Virtual size: 285KB

.rsrc Size: 2KB - Virtual size: 2KB

.code
Size: 20KB - Virtual size: 20KB

.text
Size: 212KB - Virtual size: 211KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 284KB - Virtual size: 285KB

.rsrc
Size: 2KB - Virtual size: 2KB