b6866ceeceb6ddc87aa9772f8040fccf

Sharing

Copy URL Twitter E-mail

General

Target

b6866ceeceb6ddc87aa9772f8040fccf
Size

84KB
MD5

b6866ceeceb6ddc87aa9772f8040fccf
SHA1

9bbbfc57e2e8202493c4d41b6f1f411692628b10
SHA256

06f6f5b350e6f265e6c4b8e6f384731a9b1bc09886f7c8426df69cbdd2600c73
SHA512

36e8a598319413f0a234456bdfb1cb2b7f876cc5cb8abf0cbaa6fbed45b3046f6a65506ea6fc69fefb97e445509712213b68edde0e48c0941d342cfdcc82094f
SSDEEP

1536:mHJjGeHsX/56rQUrdrh41eNbsWd5GkNZ6sZvve8/1Gy8V8+7U:mH4eHQ5SP6uvva57

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6866ceeceb6ddc87aa9772f8040fccf

Files

b6866ceeceb6ddc87aa9772f8040fccf
.exe windows:5 windows x86 arch:x86

1b874da837dd07a9f624cb40c5ef509e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
ExitThread
GetEnvironmentStrings
lstrcmp
SetComputerNameExW
FillConsoleOutputAttribute
FindNextVolumeMountPointA
FillConsoleOutputCharacterW
CreateMailslotA
TerminateJobObject
LoadLibraryA
DnsHostnameToComputerNameW
GetSystemTimeAsFileTime
LZOpenFileW
OpenEventW
VirtualAlloc
GetDiskFreeSpaceExA
ReadDirectoryChangesW
GetProcAddress
SetThreadLocale
GetExitCodeProcess
SetFileShortNameA
BaseUpdateAppcompatCache
SetLocalPrimaryComputerNameW
Module32NextW
GetLogicalDrives
GetModuleHandleW
GetLongPathNameA
GetConsoleCommandHistoryLengthW
GetConsoleCP
FindActCtxSectionGuid
GetSystemPowerStatus
QueryPerformanceCounter
SetConsoleCursor
CmdBatNotification
SystemTimeToTzSpecificLocalTime
ExpandEnvironmentStringsW
EndUpdateResourceA
lstrlen
OpenMutexW
GetCurrentProcessId
SetCommBreak
ShowConsoleCursor
GetLastError
GetShortPathNameW
GetExitCodeThread
SetConsoleInputExeNameW
GetHandleInformation
ReadConsoleOutputA
CallNamedPipeA
GetCurrentThreadId
CloseHandle
_hread
GetConsoleAliasesLengthA
ReleaseMutex
GetModuleHandleExA
GetConsoleInputExeNameA
SetConsoleScreenBufferSize
SetUserGeoID

msvcrt

_ui64toa
_lock
_statusfp
_global_unwind2
_ismbbgraph
_mbscat
??4exception@@QAEAAV0@ABV0@@Z
_wmakepath
_strset
_vsnwprintf
?what@exception@@UBEPBDXZ

msi

MsiGetTargetPathA
MsiUseFeatureExW
MsiQueryFeatureStateFromDescriptorA
MsiLocateComponentA
MsiProvideQualifiedComponentExW
MsiGetFeatureInfoW
MsiInstallMissingComponentA
MsiEnumComponentCostsW
MsiReinstallFeatureA
MsiDatabaseCommit
MsiGetFeatureCostW

expsrv

rtcRound
__vbaGosubReturn
rtcIsMissing
__vbaEraseKeepData
__vbaVarLateMemStAd
__vbaCopyBytesZero
__vbaStr2Vec
__vbaStrI2
rtcSLN
__vbaVarLateMemCallLdRf
rtcMidCharBstr

user32

EndDialog

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b874da837dd07a9f624cb40c5ef509e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

msi

expsrv

user32

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 16KB - Virtual size: 50KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 264B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 16KB - Virtual size: 50KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 264B