b6c11cf2c7e91ab4478a0d3d984bcc98

Sharing

Copy URL Twitter E-mail

General

Target

b6c11cf2c7e91ab4478a0d3d984bcc98
Size

407KB
MD5

b6c11cf2c7e91ab4478a0d3d984bcc98
SHA1

81449b802f67592b7e0e593d16337faac9eb74d5
SHA256

44344b9d2b932fd81c112b6fc02762301e1a104c75be357b1e064f235787f7f0
SHA512

a3e0ec685d005ab42bc83dc5f48612ae9c51d5e6cc47550ecdb1a84c8e51fcc9528a2b88e401e43dae11c0afa074e8ddc4d3037a874099d7ea131f7534d12657
SSDEEP

12288:G/3kVEE81bBf4wL5sIZYtuebGtKy9yS8YZdY:G/3kl8xBwwL5s6Ytu3tAbmY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6c11cf2c7e91ab4478a0d3d984bcc98

Files

b6c11cf2c7e91ab4478a0d3d984bcc98
.exe windows:4 windows x86 arch:x86

e489869b1266792a124b9e1f0a6fdd59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

ChooseFontW
FindTextW

advapi32

CryptDestroyHash
RegQueryInfoKeyA
RegLoadKeyA
CryptDecrypt
RegCreateKeyA
CryptAcquireContextA
CryptDestroyKey
RegOpenKeyExW
LookupPrivilegeValueA
LogonUserA
LookupSecurityDescriptorPartsA
RegOpenKeyA
RegEnumKeyExA
StartServiceA
CryptVerifySignatureW
RegRestoreKeyA
RegDeleteValueA
RegSetValueExA
DuplicateToken
CryptGetHashParam
RegOpenKeyW
CryptImportKey
DuplicateTokenEx
RegQueryValueExW

kernel32

IsBadWritePtr
GetVersion
GetCurrentProcess
WriteProfileStringW
GetModuleHandleA
GetCPInfo
TlsSetValue
GetStartupInfoA
GetSystemTimeAsFileTime
HeapFree
GetCurrentProcessId
LCMapStringW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
WaitNamedPipeA
SetLastError
GetProcAddress
GetEnvironmentStringsW
LoadLibraryA
EnumSystemLocalesA
VirtualAlloc
RtlUnwind
VirtualFree
GetCommandLineA
VirtualLock
FreeEnvironmentStringsA
GetLogicalDriveStringsA
OpenSemaphoreA
FileTimeToSystemTime
InterlockedExchange
GetEnvironmentStrings
GetStdHandle
WideCharToMultiByte
HeapReAlloc
GlobalFindAtomA
Sleep
MultiByteToWideChar
SetConsoleScreenBufferSize
GetLastError
InitializeCriticalSection
TlsGetValue
VirtualAllocEx
GetStringTypeW
GetCurrentThreadId
GetOEMCP
EnterCriticalSection
LCMapStringA
LeaveCriticalSection
TlsAlloc
VirtualQuery
HeapAlloc
UnhandledExceptionFilter
CopyFileExA
SetHandleCount
GetTickCount
HeapDestroy
WriteFile
FreeEnvironmentStringsW
GetCurrentThread
DeleteCriticalSection
GetStringTypeA
TlsFree
ExitProcess
GetTempPathW
TerminateProcess
GetACP
HeapCreate
SetConsoleTitleA
EnumSystemLocalesW

wininet

InternetShowSecurityInfoByURLW
HttpSendRequestExW
DeleteUrlCacheContainerW
InternetAutodial
InternetConfirmZoneCrossing

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e489869b1266792a124b9e1f0a6fdd59

Headers

File Characteristics

Imports

comdlg32

advapi32

kernel32

wininet

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 4KB - Virtual size: 22KB

.data Size: 276KB - Virtual size: 276KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 4KB - Virtual size: 22KB

.data
Size: 276KB - Virtual size: 276KB

.rsrc
Size: 3KB - Virtual size: 2KB