b9c66e01628ecd99adc607e6c0c0fb6b

Sharing

Copy URL Twitter E-mail

General

Target

b9c66e01628ecd99adc607e6c0c0fb6b
Size

266KB
MD5

b9c66e01628ecd99adc607e6c0c0fb6b
SHA1

cd86d9563484fa2cdd8e860ee4ab001de87886c4
SHA256

5b16b486eb0e7d985b1ab98aef1f166b7227986c7ca904ba9dfd174327a4a91a
SHA512

33866c113a2fe21e3cfd3e93ea63661136d358400ec55beac9b8a537d9110d880a40738a8122ff378fddb0a7f98e6a9988d85fb4b57975dc00905fba82b70103
SSDEEP

6144:IRVygn3bbDYV60rELxqlm6ccr77J78/7h5VSRlci/ImhJDrO:IVygn3sV60mqlkcr77JQjbq7a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9c66e01628ecd99adc607e6c0c0fb6b

Files

b9c66e01628ecd99adc607e6c0c0fb6b
.exe windows:4 windows x86 arch:x86

0187c6a9913756171263f3b3d45540f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
HeapFree
GetACP
GetStartupInfoA
SetUnhandledExceptionFilter
RaiseException
GetEnvironmentVariableA
InterlockedCompareExchange
LoadLibraryW
TerminateProcess
UnhandledExceptionFilter
GetCurrentThreadId
GetThreadLocale
GetCurrentProcessId
Sleep
lstrlenW
GetProcessHeap
HeapSize
EnumSystemLanguageGroupsW
WriteFile
GetTickCount
LocalAlloc
HeapAlloc
GetStdHandle
InterlockedExchange
QueryPerformanceCounter
HeapReAlloc
MultiByteToWideChar
GetWriteWatch
GetCurrentProcess
GetSystemTime
WideCharToMultiByte
HeapDestroy
GetModuleHandleA
HeapFree
LoadLibraryExW
lstrlenA
SystemTimeToFileTime
GetSystemTimeAsFileTime
IsDebuggerPresent
GetLocaleInfoA
CreateProcessA
CloseHandle
lstrcpynW

user32

GetWindowInfo
SetWindowLongA
LoadCursorA
GetWindowLongA
GetSysColor
ReleaseDC
GetDC
IsWindow
GetDlgItem
ReleaseCapture
FillRect
SetWindowPos
SetCursor
MoveWindow
SetCapture

winmm

mciSendCommandA
sndPlaySoundA

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow

gdi32

GetDeviceCaps
BitBlt
SaveDC
SetTextColor
GetObjectA
DeleteDC
GetStockObject
CreateRectRgn
EnumFontFamiliesExA
SetBkMode
DeleteMetaFile
TextOutA
SelectObject
DeleteObject
RestoreDC
GetTextExtentPoint32A
CreateCompatibleDC
CreateFontIndirectA
Rectangle
CreateSolidBrush
CreateCompatibleBitmap

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

advapi32

RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ole32

CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0187c6a9913756171263f3b3d45540f4

Headers

File Characteristics

Imports

kernel32

user32

winmm

oleacc

gdi32

shell32

advapi32

version

ole32

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 3KB - Virtual size: 142KB

.data Size: 197KB - Virtual size: 197KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 3KB - Virtual size: 142KB

.data
Size: 197KB - Virtual size: 197KB

.rsrc
Size: 512B - Virtual size: 4KB