606f36e841f653e077d0be0a158e1eac1885a37551adb90da7ec27bb006d1a84

Sharing

Copy URL Twitter E-mail

General

Target

606f36e841f653e077d0be0a158e1eac1885a37551adb90da7ec27bb006d1a84
Size

1.7MB
MD5

67f8fe715f28ef9de83599bfbaabcfaf
SHA1

da1d43569af84e51adea664e675fc6ce5376cb97
SHA256

606f36e841f653e077d0be0a158e1eac1885a37551adb90da7ec27bb006d1a84
SHA512

5c71b2041126e042d44a5ebee3a9226ea2df23fa135b1872293a595b35bbfe0f53593b6d79b96fa43555c41983da9e638604b89b3d5204e3f3071af6da4e01ae
SSDEEP

49152:t8vrhoJJtwlIlaEPcEAisI9eDYUkgD7/D:mrhoJTmIwEPZAs8Dnn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
606f36e841f653e077d0be0a158e1eac1885a37551adb90da7ec27bb006d1a84

Files

606f36e841f653e077d0be0a158e1eac1885a37551adb90da7ec27bb006d1a84
.dll windows:5 windows x86 arch:x86

0a6c331009fc3a0aaf28ab1e40b2215c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

b:\wmz9nl\7d.pdb

Imports

winmm

midiInMessage

crypt32

CryptProtectData

ole32

CoWaitForMultipleHandles
CoRevertToSelf

netapi32

NetUserGetGroups
NetApiBufferReallocate

msvfw32

ICCompress

user32

BringWindowToTop
ValidateRgn
IsWindowUnicode
GetMenuItemCount
KillTimer
GetWindowTextW
TrackPopupMenuEx
GetSubMenu
SetWindowLongW

wininet

InternetGetCookieW

urlmon

CoInternetSetFeatureEnabled

setupapi

SetupCreateDiskSpaceListW

advapi32

RegDisablePredefinedCache
MapGenericMask
SaferCreateLevel
DuplicateTokenEx
NotifyChangeEventLog
CryptDestroyKey
ImpersonateSelf
CreateProcessAsUserW

shell32

ExtractIconW

rpcrt4

I_RpcFreeBuffer

oleaut32

VarR8FromDec
VARIANT_UserMarshal

gdi32

GetTextExtentExPointI
SetRectRgn
GetAspectRatioFilterEx
CreatePatternBrush
SetROP2

kernel32

SetStdHandle
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryA
CloseHandle
CreateFileA
WriteFile
VirtualAlloc
VirtualFree
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FindNextChangeNotification
GetModuleFileNameA
GetBinaryTypeA
LoadLibraryW
GetProcAddress
GetModuleHandleA
GetUserDefaultLCID
GlobalFree
GetEnvironmentStringsW
SetTimeZoneInformation
SetThreadExecutionState
SetThreadPriority
EscapeCommFunction
FindVolumeClose
OutputDebugStringA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsSetValue
SetLastError
GetCurrentThreadId
GetLastError
Sleep
HeapFree
ExitProcess
MultiByteToWideChar
ReadFile
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapAlloc
HeapReAlloc

clusapi

ClusterOpenEnum

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a6c331009fc3a0aaf28ab1e40b2215c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

crypt32

ole32

netapi32

msvfw32

user32

wininet

urlmon

setupapi

advapi32

shell32

rpcrt4

oleaut32

gdi32

kernel32

clusapi

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 40KB - Virtual size: 45KB

.rsrc Size: 4KB - Virtual size: 888B

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 40KB - Virtual size: 45KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 24KB - Virtual size: 20KB