6fd42dee4893d0f24db1d833fc9a8ad0

Sharing

Copy URL Twitter E-mail

General

Target

6fd42dee4893d0f24db1d833fc9a8ad0
Size

83KB
MD5

6fd42dee4893d0f24db1d833fc9a8ad0
SHA1

7e8c6ea4bcaad0ef05b1280556b3235ea11f4143
SHA256

d3a35151450dc5e117c32af998e061733e91a3650a1d015e9632882b8bcac7c9
SHA512

6b044d3ee78787911fb482ed1fc2c1e6594f87e87c3399a68bb10ff1b8d534c412b3d75556463fd063d9f787671a28a67838612f3d7bf704d0ae0f4cf8e4b75e
SSDEEP

768:1Af8zIx01CcXkUedG5mnn39Jb+ONM5ft4N4juaHmm:ZIx0ZXkUK5u+aHd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fd42dee4893d0f24db1d833fc9a8ad0

Files

6fd42dee4893d0f24db1d833fc9a8ad0
.dll windows:4 windows x86 arch:x86

2ad39fc6ff24b5dd61338931288ca803

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
VirtualFreeEx
VirtualAllocEx
FindClose
FindNextFileA
lstrcmpiA
lstrcatA
GetCurrentProcess
Module32First
VirtualProtectEx
GetModuleHandleA
MultiByteToWideChar
CreateMutexA
DeleteFileA
GetModuleFileNameA
CopyFileA
TerminateProcess
DisableThreadLibraryCalls
IsBadReadPtr
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WriteFile
GetTempPathA
LocalAlloc
InitializeCriticalSection
CreateFileA
GetFileSize
ReadFile
LocalFree
GetLastError
CloseHandle
GetCurrentProcessId
WaitForSingleObject
Sleep
LoadLibraryA
GetProcAddress
WinExec
lstrcpyA
lstrlenA
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

user32

GetDC
ReleaseDC
IsRectEmpty
GetWindowRect
GetForegroundWindow
GetWindowTextA
OpenWindowStationA
wsprintfA
GetWindowThreadProcessId
SetThreadDesktop
OpenDesktopA

gdi32

GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
GetDIBits
RealizePalette
SelectPalette
GetStockObject

advapi32

CryptReleaseContext
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
OpenProcessToken
LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

ws2_32

htons
ioctlsocket
connect
select
recv
send
getpeername
closesocket
WSAStartup
gethostbyname
socket

msvcrt

free
malloc
atol
strstr
sscanf
isprint
strchr
wcscmp
_splitpath
_purecall
__dllonexit
_onexit
_mbscmp
_beginthreadex
_mbsnbcmp
_mbsnbcpy
strcat
sprintf
strlen
_itoa
strncpy
atoi
memcmp
strcpy
??2@YAPAXI@Z
__CxxFrameHandler
memcpy
memset

shlwapi

StrStrIA

imagehlp

MakeSureDirectoryPathExists

wininet

HttpEndRequestA
HttpQueryInfoA
InternetReadFile
HttpSendRequestExA
InternetWriteFile
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetAttemptConnect

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown
GdipSaveImageToFile
GdiplusStartup
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCloneImage
GdipDisposeImage

Exports

Exports

Install
_Install@16

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 48.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ad39fc6ff24b5dd61338931288ca803

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp60

ws2_32

msvcrt

shlwapi

imagehlp

wininet

gdiplus

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 28KB - Virtual size: 48.1MB

.CRT Size: 512B - Virtual size: 4B

shard Size: 10KB - Virtual size: 9KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 28KB - Virtual size: 48.1MB

.CRT
Size: 512B - Virtual size: 4B

shard
Size: 10KB - Virtual size: 9KB

.reloc
Size: 18KB - Virtual size: 18KB