6fea660213695d45e372de933fefc8fc

Sharing

Copy URL

Twitter E-mail

General

Target

6fea660213695d45e372de933fefc8fc
Size

20KB
MD5

6fea660213695d45e372de933fefc8fc
SHA1

39fc2ac9da51618072e02fcb10eb8497edcff7ad
SHA256

31aff50eb85d6f14c926e7b01024c758fdb73a63fa67ac3d19b9c86d487680a9
SHA512

10d2715086147a6d252bf8d6f07e581d16f6b33e9fbcdd9e41b4ec98400a7b851b74517a672457a2f31decb755a385f31d5ea8ced6858ac7623d2b2b342482ea
SSDEEP

384:6oRA8jd7l0H1niWtXS0eaWekamFSMOFsPss0P3v6SJrfOVTCU3iNF73FoashLWGN:6id7GH1nZCv7FSMOFsPss0P3vdJjONC2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fea660213695d45e372de933fefc8fc

Files

6fea660213695d45e372de933fefc8fc
.dll windows:6 windows x86 arch:x86

d1bedd507b812fae5dd740692bf9e0bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

memcpy
_aullrem
_aulldiv
tolower
memset

shlwapi

PathFindFileNameW
StrStrIW
StrToIntExA

wevtapi

EvtSetChannelConfigProperty
EvtOpenChannelEnum
EvtClearLog
EvtNextChannelPath
EvtOpenChannelConfig
EvtSaveChannelConfig
EvtClose

kernel32

GetCurrentProcessId
CreateToolhelp32Snapshot
OpenThread
SuspendThread
ResumeThread
WriteProcessMemory
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
lstrlenW
InterlockedIncrement
InterlockedDecrement
GetTickCount
GetLastError
InterlockedExchangeAdd
lstrcmpiW
CloseHandle
CreateThread
GetModuleFileNameW
DisableThreadLibraryCalls
GetFileSize
lstrlenA
WideCharToMultiByte
ReadFile
CreateFileW
SetLastError
lstrcmpA
lstrcpynA
FindResourceW
LoadResource
GetCurrentProcess
GetModuleHandleExW
GetModuleHandleW
Thread32First
LoadLibraryW
ReadProcessMemory
Thread32Next
GetProcAddress
GetCurrentThreadId

user32

LockWindowUpdate
DispatchMessageW
CallWindowProcW
RegisterHotKey
SetWindowTextW
GetSystemMetrics
ReleaseCapture
CreateWindowExW
SetLayeredWindowAttributes
GetCursorPos
SetWindowPos
RedrawWindow
SetWindowLongW
GetWindowTextW
GetWindowLongW
OffsetRect
TranslateMessage
wsprintfW
PtInRect
GetClientRect
TrackMouseEvent
GetParent
SetForegroundWindow
PostMessageW
SetCapture
GetMessageW
GetWindowRect
SetTimer
DestroyWindow
ClientToScreen
wsprintfA

gdi32

SetBkMode
GetStockObject

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1bedd507b812fae5dd740692bf9e0bf

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

wevtapi

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: - Virtual size: 112B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: - Virtual size: 112B

.reloc
Size: 1KB - Virtual size: 1KB