b6d8573c637b7d36d48df6f8bcd53568

Sharing

Copy URL Twitter E-mail

General

Target

b6d8573c637b7d36d48df6f8bcd53568
Size

220KB
MD5

b6d8573c637b7d36d48df6f8bcd53568
SHA1

20ad156d589fba93b89c10fa149ea8eb94b109fd
SHA256

e5775125b4b67f1f65dbdb45e1050d480b637c2aa48b33d724df4428669d5dfa
SHA512

e8f030259393fcafed45004d8dcffe736096bbfca772031672aead657789c899f3897e669034c64a1f1123392f4d305a694e71564695d735d2fc874e87c6d6e0
SSDEEP

6144:aRzPFDYgU1dmSuvTccPeDCmaHKHXihjW3vrGPxLFf:aRJM1MSuvDPeDCRq38jW3vrGPzf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6d8573c637b7d36d48df6f8bcd53568

Files

b6d8573c637b7d36d48df6f8bcd53568
.exe windows:4 windows x86 arch:x86

e72b028b7043400f91a5a5179dafb986

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

imagehlp

ImageRvaToVa
ImageGetDigestStream
ImageNtHeader
ImageDirectoryEntryToData

kernel32

SizeofResource
GlobalAlloc
FormatMessageW
LocalFree
GetTempPathW
DebugBreak
FindFirstFileW
GetFileInformationByHandle
LoadLibraryExW
GetFileSize
RemoveDirectoryA
lstrlenA
QueryPerformanceCounter
IsDebuggerPresent
ReadFile
HeapSize
CreateFiberEx
GetFileAttributesW
RaiseException
GetProcessHeap
FindClose
_lread
MultiByteToWideChar
GetStringTypeExW
BeginUpdateResourceW
CreateFileW
EnumResourceLanguagesW
LockResource
DeleteCriticalSection
TerminateProcess
CreateFileMappingA
HeapDestroy
SetFilePointer
GetFileAttributesA
UpdateResourceW
GetCurrentProcessId
GetLocaleInfoA
GetCurrentDirectoryW
lstrcmpiA
InterlockedDecrement
CreateFileA
InterlockedCompareExchange
_llseek
EscapeCommFunction
Sleep
EnterCriticalSection
GetLastError
InterlockedExchange
_lwrite
EndUpdateResourceW
EnumResourceNamesW
GetCommandLineW
WriteFile
InterlockedIncrement
GetProcAddress
GetVersionExA
FreeLibrary
EnumResourceNamesA
CreateDirectoryW
WideCharToMultiByte
UnhandledExceptionFilter
SetLastError
LoadLibraryA
AreFileApisANSI
SetFileAttributesW
GetFullPathNameA
GetVersion
GetTickCount
GetModuleHandleW
GetThreadLocale
GetOEMCP
GlobalLock
MoveFileW
CopyFileA
FreeResource
SetUnhandledExceptionFilter
CopyFileW
UnmapViewOfFile
FindFirstFileA
GetCurrentThreadId
_lclose
FindNextFileW
ExitProcess
FindNextFileA
LoadLibraryExA
GetFullPathNameW
LeaveCriticalSection
GlobalUnlock
DeleteFileW
FatalExit
HeapFree
SetFileAttributesA
SetEndOfFile
DeleteFileA
HeapAlloc
InitializeCriticalSection
HeapReAlloc
FindResourceExW
GetEnvironmentVariableA
GetCurrentProcess
GetSystemDirectoryA
FindResourceW
lstrlenW
LoadResource
MapViewOfFile
GetSystemTimeAsFileTime
OutputDebugStringA
GetACP
GlobalFree
CreateDirectoryA
RemoveDirectoryW
GetTempFileNameW
CloseHandle
GetVersionExW
EnumResourceTypesW
lstrcpyA

psapi

GetProcessMemoryInfo

user32

wsprintfW
MonitorFromWindow
CharNextA
CharNextW

advapi32

CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptDestroyHash

shell32

CommandLineToArgvW

msvfw32

ICInfo

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e72b028b7043400f91a5a5179dafb986

Headers

File Characteristics

Imports

imagehlp

kernel32

psapi

user32

advapi32

shell32

msvfw32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 15KB - Virtual size: 14KB

.lib Size: 512B - Virtual size: 324KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 15KB - Virtual size: 14KB

.lib
Size: 512B - Virtual size: 324KB