uteh
Static task: static1

Behavioral task: behavioral1
Sample: b6fc05a0a093b6d49f63b68b0bf75fd2.dll
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: b6fc05a0a093b6d49f63b68b0bf75fd2.dll
Resource: win10v2004-20240226-en
General
Target: b6fc05a0a093b6d49f63b68b0bf75fd2
Size: 584KB
MD5: b6fc05a0a093b6d49f63b68b0bf75fd2
SHA1: 7bbeacf6bfe41fc31242500103679bf840551f6b
SHA256: b146bc6b5bbcaa7946561c33c0b4f73195651017cdb1f13d4b3a277395be042e
SHA512: cdc968f3411fda93bfb76ef66d1792015dde431354cd262be3099158bbd96e6a41c71126c872cee586676e5d74f72e2b709e7ac69a0276483b8175bfe5d390bc
SSDEEP: 6144:4B2Fl6IZDLjxZCFpIHOhUXTe8PV22uVVXpFs73y47xAmhSD032hRcol2bdNdoj+x:4BslZ3n7XC8PV2VjZFE7x/Sr8c
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b6fc05a0a093b6d49f63b68b0bf75fd2
Files
b6fc05a0a093b6d49f63b68b0bf75fd2.dll windows:4 windows x86 arch:x86
86a939c5b40335562ba3d68cd69b14e4
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
Beep
FreeLibrary
GetModuleFileNameA
GetProcAddress
lstrcmpA
GetTimeFormatW
GetSystemDefaultLangID
GetVersionExA
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
SetLastError
LockResource
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
LoadResource
lstrlenA
WaitForSingleObject
IsBadReadPtr
ReleaseMutex
CompareFileTime
CloseHandle
EnterCriticalSection
SystemTimeToFileTime
LeaveCriticalSection
GetLastError
Sleep
GetSystemTime
lstrcpynA
AreFileApisANSI
GetTickCount
GetUserDefaultLCID
LocalAlloc
GetLocaleInfoW
LocalReAlloc
GetCurrentProcess
LocalFree
DeleteFileW
ExpandEnvironmentStringsA
DeleteFileA
LoadLibraryA
LoadLibraryW
CreateProcessA
CreateProcessW
CreateMutexA
CreateMutexW
SearchPathA
SearchPathW
SetFileAttributesA
SetFileAttributesW
FindResourceA
FindResourceW
GetDateFormatW
GetTimeFormatA
ExpandEnvironmentStringsW
GetDateFormatA
HeapAlloc
GetProcessHeap
HeapFree
FreeResource
secur32
DecryptMessage
ExportSecurityContext
AddCredentialsW
SaslEnumerateProfilesW
AddSecurityPackageA
DeleteSecurityContext
RevertSecurityContext
InitializeSecurityContextA
AddSecurityPackageW
AcquireCredentialsHandleA
AcceptSecurityContext
QueryCredentialsAttributesA
SaslGetProfilePackageW
SaslIdentifyPackageA
InitSecurityInterfaceA
EnumerateSecurityPackagesW
SaslEnumerateProfilesA
ImportSecurityContextW
MakeSignature
EncryptMessage
CompleteAuthToken
Exports
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 552KB - Virtual size: 548KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ