b6bb32aaf86756b44cae459cdc66ccd6

Sharing

Copy URL Twitter E-mail

General

Target

b6bb32aaf86756b44cae459cdc66ccd6
Size

152KB
MD5

b6bb32aaf86756b44cae459cdc66ccd6
SHA1

9d6e85d6dcd0dd44e2f7dd8e5cde8f27211d394a
SHA256

7bc6fc47c51ef110dfce511afe49aafdac7a3bbe0cea09e9279ee125fe7ef446
SHA512

64f884910affab037628522d94ac7ea26f252b2589ca19010aa3c053770ceb258f7bff8b60b936576c03e6260597fe682214e98e4373f9dea020d5634ced4f93
SSDEEP

3072:fuJc6amuiZDYYPGpknJxS1wfCX7z/eMvr8ZchVdINH3/FrPPtL6W0X/zfZaE0md0:WJLcibGcK+CLzWgrCmwp/Fb0B7Zpx0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Док-ы 7 августа.exe

Files

b6bb32aaf86756b44cae459cdc66ccd6
.rar
Док-ы 7 августа.exe
.exe windows:5 windows x86 arch:x86

60b3f788cfd9addd5e48af0ed9e44e62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
CloseHandle
GetDriveTypeW
HeapAlloc
WriteFile
GetSystemDirectoryA
LoadLibraryW
FindResourceExW
SetConsoleTitleA
GetEnvironmentVariableA
WriteConsoleA
CreateProcessW
OpenFileMappingA
GetEnvironmentVariableW
GetVolumeInformationA
AllocConsole
LoadLibraryA
GetCurrentProcessId
CreateThread
CreateMailslotW

cmutil

CmMoveMemory
CmRealloc
CmAtolA
CmFree

shlwapi

UrlUnescapeW
PathCombineA
UrlCanonicalizeA
PathIsRootW
UrlHashA
UrlIsNoHistoryA
UrlIsOpaqueW
UrlCreateFromPathW
UrlGetPartA
UrlEscapeA
UrlIsW
UrlGetLocationW
UrlCompareW
PathCompactPathW

advapi32

ControlService
CloseTrace
RegEnumKeyW
CryptSignHashA
ReadEventLogA
RegLoadKeyA
RegDeleteValueW
RegRestoreKeyW
RegOpenKeyW
RegCreateKeyExW
RegReplaceKeyA
IsValidSid

user32

PeekMessageW
CreateDesktopW
DispatchMessageA
IsCharUpperW
MessageBoxW
GetDlgItemTextA
FindWindowA
LoadCursorA
GetFocus
CharToOemW
DialogBoxParamA
GetMessageW
PostMessageA

ctl3d32

Ctl3dRegister
Ctl3dGetVer
Ctl3dCtlColor

crypt32

CertDuplicateCRLContext
CertDuplicateStore
CertFreeCTLContext
CertFindCRLInStore
CertCreateContext
CertNameToStrA
CertFindExtension
CertCloseStore
CertControlStore
CertDeleteCRLFromStore
CertOpenStore
CryptEncryptMessage
CryptFindOIDInfo
CertOIDToAlgId
CertCreateCRLContext

cfgmgr32

CMP_Report_LogOn
CM_Add_IDA
CM_Add_Range
CM_Add_Empty_Log_Conf

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60b3f788cfd9addd5e48af0ed9e44e62

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

cmutil

shlwapi

advapi32

user32

ctl3d32

crypt32

cfgmgr32

Sections

.text Size: 6KB - Virtual size: 5KB

.kdata Size: 21KB - Virtual size: 20KB

.rsrc Size: 167KB - Virtual size: 167KB

.text
Size: 6KB - Virtual size: 5KB

.kdata
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 167KB - Virtual size: 167KB