b6fda3ff33bcafad08f5c6a7f8545849

Sharing

Copy URL Twitter E-mail

General

Target

b6fda3ff33bcafad08f5c6a7f8545849
Size

288KB
MD5

b6fda3ff33bcafad08f5c6a7f8545849
SHA1

dff949e2b24544d92b2a8f322a1559a802215d38
SHA256

a2115bf8bb7646688b1e51e44bae6a1382f80101b64e12d073fbb14370f5d085
SHA512

73d3d0ef04f1cb29bcacd31d5486be3b421ef6c4768ce756114007c883d9e14686ebffed4cbfcc85def6037da7afb052f499882672c2ef3bb1ace75874c8722c
SSDEEP

6144:geph7DWI6We6YhaB05K0mCjySg3fNEoUu5Qwe/GnPbL5iuI9X:geHD4+3RSjJg3VKuIUPb8uI9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6fda3ff33bcafad08f5c6a7f8545849

Files

b6fda3ff33bcafad08f5c6a7f8545849
.exe windows:4 windows x86 arch:x86

2e0baa0c7b01191c63f9c9f86d0dd1ec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
HeapSize
IsBadWritePtr
TlsGetValue
GetProcAddress
IsValidCodePage
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetStringTypeA
GetCurrentProcessId
VirtualProtect
GetFileSize
GetFileType
WideCharToMultiByte
GetModuleHandleA
IsValidLocale
lstrcatA
WriteFile
SetEnvironmentVariableA
GetLocaleInfoW
GetVersionExA
GetACP
GetUserDefaultLCID
LCMapStringW
FindNextFileW
GetStartupInfoW
EnumCalendarInfoW
SystemTimeToFileTime
ExitProcess
GetTickCount
lstrcatW
VirtualFree
HeapFree
GetCurrentThread
GetModuleFileNameA
GetTimeFormatA
LoadLibraryA
QueryPerformanceCounter
GetCommandLineW
VirtualAlloc
LocalLock
FreeEnvironmentStringsW
VirtualQuery
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
RtlUnwind
GetDateFormatA
GetLastError
GetOEMCP
SetLastError
ReleaseSemaphore
InitializeCriticalSection
GetCPInfo
GetSystemTimeAsFileTime
GetEnvironmentStrings
DeleteCriticalSection
VirtualUnlock
GetEnvironmentStringsW
GetLocaleInfoA
CompareStringW
TlsFree
LeaveCriticalSection
GetTimeZoneInformation
CompareStringA
GetModuleFileNameW
TlsAlloc
GetNumberFormatA
HeapDestroy
TlsSetValue
GetStartupInfoA
GetProfileStringA
InterlockedExchange
GetStringTypeW
GetStdHandle
GetCommandLineA
MultiByteToWideChar
EnumSystemLocalesA
EnterCriticalSection
LCMapStringA
HeapCreate
HeapAlloc
SetHandleCount
GlobalFlags

shell32

FindExecutableA
SHAddToRecentDocs
ExtractIconA
SHGetDataFromIDListW
ExtractAssociatedIconExA
InternalExtractIconListW
ExtractAssociatedIconExW
SHGetPathFromIDListA
ShellExecuteExW
SheChangeDirExW
ExtractIconExA
SHGetDesktopFolder
DoEnvironmentSubstA
ShellExecuteA
DragQueryFileAorW
DragQueryFile

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e0baa0c7b01191c63f9c9f86d0dd1ec

Headers

File Characteristics

Imports

kernel32

shell32

Sections

.text Size: 141KB - Virtual size: 140KB

.data Size: 137KB - Virtual size: 137KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 141KB - Virtual size: 140KB

.data
Size: 137KB - Virtual size: 137KB

.rsrc
Size: 8KB - Virtual size: 8KB