a06d8c97087be627ee7752a6a4add000

Sharing

Copy URL Twitter E-mail

General

Target

a06d8c97087be627ee7752a6a4add000
Size

503KB
MD5

a06d8c97087be627ee7752a6a4add000
SHA1

b6bdaa9491bf15a95db4e5fc109d1925342eca59
SHA256

9f52bc6c911811d64fb0f8246d6ad6e4d2909c35f5f8439804d9a5e333834fee
SHA512

25e83949b61332f8a22f722f0c228b2eb36630431cda26dd4839a83399429f5a774df9915042790e12791454e86c59043dcf4baaeeccfcaadfd46682cc85ce2d
SSDEEP

12288:5JRoYGva106/TygxAGrTwKjCyQgB2jnOt0IkKVNzX5kz1W:5Jj/TlAGrT7fB/5dGz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a06d8c97087be627ee7752a6a4add000

Files

a06d8c97087be627ee7752a6a4add000
.exe windows:4 windows x86 arch:x86

66a2bfe1a2f247a35939bdf52b0c949b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\etrod\tftmfdd\hsssdiiyxt\aqntariki\eoch\oll.pdb

Imports

shell32

SHEmptyRecycleBinA
SHGetMalloc
DragQueryPoint
DragFinish
ExtractIconExA

comctl32

InitCommonControlsEx

user32

RegisterClassA
ImpersonateDdeClientWindow
GetMenuItemRect
DialogBoxIndirectParamA
GetUserObjectInformationA
ShowCursor
DrawIconEx
FindWindowW
LoadAcceleratorsA
GetDlgCtrlID
RegisterClassExA
GetMenuItemCount
ChangeMenuA
CharPrevExA
IsDialogMessage
GetPriorityClipboardFormat
DefMDIChildProcA
DispatchMessageW
DdeGetData
CreateWindowStationW
CharNextA
DrawTextA
DrawTextExW

comdlg32

ChooseColorA
PageSetupDlgW
PageSetupDlgA
ChooseFontA

advapi32

RegQueryValueExW
RegCloseKey
RegReplaceKeyW
RegEnumKeyExA
RegFlushKey
RegQueryValueW
ReportEventW
CryptVerifySignatureA
LookupPrivilegeValueW
RegNotifyChangeKeyValue
CryptGetProvParam
InitiateSystemShutdownA
GetUserNameW
RegQueryValueExA
LookupSecurityDescriptorPartsA
CryptSetProviderExW
RegDeleteKeyA
RegOpenKeyA
CryptEncrypt
CreateServiceA
RevertToSelf
InitializeSecurityDescriptor

kernel32

EnterCriticalSection
CreateFileA
InterlockedExchange
FreeResource
EnumSystemLocalesA
FreeEnvironmentStringsW
ExitProcess
GetLastError
GetProcessAffinityMask
FreeLibrary
GetOEMCP
HeapDestroy
GetEnvironmentStrings
GetVersionExA
GetEnvironmentStringsW
LCMapStringW
SetFilePointer
CompareStringW
IsValidCodePage
WriteFile
GetConsoleMode
GetCurrentProcessId
GetTickCount
GetDateFormatA
HeapAlloc
WriteConsoleOutputCharacterA
LeaveCriticalSection
GetTimeFormatA
GlobalHandle
SetUnhandledExceptionFilter
HeapReAlloc
InterlockedDecrement
GetCPInfo
EnumDateFormatsA
LocalAlloc
TlsAlloc
GetLocaleInfoW
GetCurrentThread
GetStringTypeA
SetThreadAffinityMask
GetStartupInfoA
GetStdHandle
InterlockedExchangeAdd
VirtualAlloc
IsValidLocale
GetFileType
TlsSetValue
WriteConsoleW
GetSystemTimeAsFileTime
GetLocaleInfoA
TlsGetValue
WideCharToMultiByte
GetCurrentProcess
HeapFree
GetStringTypeW
LCMapStringA
SetStdHandle
HeapSize
GetExitCodeProcess
UnhandledExceptionFilter
TerminateProcess
SetConsoleScreenBufferSize
CreateNamedPipeW
VirtualFree
GetConsoleCP
GlobalSize
CloseHandle
GetConsoleOutputCP
OpenFileMappingW
CreateMutexA
InitializeCriticalSection
FreeEnvironmentStringsA
VirtualQuery
Sleep
GetProcAddress
GetTimeZoneInformation
GetACP
ReadFile
lstrcpy
GetCommandLineA
GetCurrentThreadId
SetLocalTime
OpenMutexA
DeleteCriticalSection
SetEnvironmentVariableA
FoldStringW
GetUserDefaultLCID
CreateEventA
HeapCreate
MultiByteToWideChar
SetLastError
QueryPerformanceCounter
LoadLibraryA
IsDebuggerPresent
InterlockedIncrement
GetFullPathNameW
WriteConsoleA
GetModuleFileNameA
FlushFileBuffers
lstrcpyW
GetProcessHeap
TlsFree
FillConsoleOutputCharacterA
RtlUnwind
SetConsoleCtrlHandler
CompareStringA
GetModuleHandleA
SetHandleCount

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66a2bfe1a2f247a35939bdf52b0c949b

Headers

File Characteristics

PDB Paths

Imports

shell32

comctl32

user32

comdlg32

advapi32

kernel32

Sections

.text Size: 331KB - Virtual size: 330KB

.rdata Size: 56KB - Virtual size: 83KB

.data Size: 106KB - Virtual size: 105KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 331KB - Virtual size: 330KB

.rdata
Size: 56KB - Virtual size: 83KB

.data
Size: 106KB - Virtual size: 105KB

.rsrc
Size: 9KB - Virtual size: 8KB