c6f3f14fc1dfa51f5012033bb631e8b7

Sharing

Copy URL Twitter E-mail

General

Target

c6f3f14fc1dfa51f5012033bb631e8b7
Size

181KB
MD5

c6f3f14fc1dfa51f5012033bb631e8b7
SHA1

b2ef71724c96950e21d27f48caefa2730da1db2b
SHA256

dd1555e5d0984fde272074aca45887a1abebf66c5d62165ca3f837eae3c7387e
SHA512

980216c11b17cec86dfd79bfee3eb389c1e2bf18bca0f5e5a550da56a1f0e3aef05b6f30914ff7f1856a324e580bc7c25a0cc153eb0edb45201e5ce1ee6faf1e
SSDEEP

3072:OL7dWs6S9u/Ecv8Xs6xLuVeb9Ev9Db6KU5hvxVpU44mk/PhwY3Gril5B+FsSNN5c:+J+EcU5uVeb9+9Dovnp/zsPyY3GriLBc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6f3f14fc1dfa51f5012033bb631e8b7

Files

c6f3f14fc1dfa51f5012033bb631e8b7
.exe windows:4 windows x86 arch:x86

4243a8494158bb6a7911dd8ff57abc1f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

wsprintfW
CharNextA
MonitorFromWindow
CharNextW

advapi32

CryptGetHashParam
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptReleaseContext
CryptDestroyHash

kernel32

QueryPerformanceCounter
CopyFileA
HeapReAlloc
CreateFiberEx
DebugBreak
FindResourceExW
GlobalLock
SetLastError
GetCurrentDirectoryW
LocalFree
GetVersionExW
GetCommandLineW
InterlockedExchange
lstrcmpiA
GetProcAddress
UpdateResourceW
GetProcessHeap
_lwrite
CloseHandle
LoadLibraryExW
MoveFileW
UnhandledExceptionFilter
EnumResourceLanguagesW
FindFirstFileA
GetFileAttributesA
GlobalFree
EscapeCommFunction
GetSystemDirectoryA
GetFullPathNameW
SetUnhandledExceptionFilter
FindFirstFileW
TerminateProcess
HeapDestroy
ReadFile
UnmapViewOfFile
DeleteFileW
GetFileAttributesW
GetModuleHandleW
_lclose
HeapSize
FindNextFileW
FreeResource
FindResourceW
DeleteFileA
SetFilePointer
LoadLibraryExA
GlobalUnlock
lstrlenA
GetCurrentProcess
GlobalAlloc
FormatMessageW
LoadLibraryA
GetCurrentProcessId
SizeofResource
EndUpdateResourceW
CreateDirectoryW
lstrlenW
InitializeCriticalSection
CreateFileW
InterlockedCompareExchange
CreateDirectoryA
CopyFileW
EnumResourceNamesA
AreFileApisANSI
GetVersionExA
GetEnvironmentVariableA
InterlockedDecrement
GetTempFileNameW
GetStringTypeExW
GetOEMCP
GetVersion
LeaveCriticalSection
SetEndOfFile
FatalExit
GetCurrentThreadId
CreateFileA
CreateFileMappingA
IsDebuggerPresent
LoadResource
SetFileAttributesA
BeginUpdateResourceW
FindClose
GetFileSize
GetFullPathNameA
WriteFile
HeapFree
HeapAlloc
GetACP
GetSystemTimeAsFileTime
FindNextFileA
GetLastError
WideCharToMultiByte
GetFileInformationByHandle
GetTickCount
OutputDebugStringA
MultiByteToWideChar
LockResource
_llseek
FreeLibrary
Sleep
GetThreadLocale
EnumResourceNamesW
MapViewOfFile
RemoveDirectoryW
EnterCriticalSection
SetFileAttributesW
ExitProcess
EnumResourceTypesW
DeleteCriticalSection
GetTempPathW
RaiseException
RemoveDirectoryA
InterlockedIncrement
GetLocaleInfoA
_lread
lstrcpyA

msvfw32

ICInfo

shell32

CommandLineToArgvW

imagehlp

ImageGetDigestStream
ImageNtHeader
ImageRvaToVa
ImageDirectoryEntryToData

psapi

GetProcessMemoryInfo

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4243a8494158bb6a7911dd8ff57abc1f

Headers

File Characteristics

Imports

user32

advapi32

kernel32

msvfw32

shell32

imagehlp

psapi

Sections

.text Size: 155KB - Virtual size: 154KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 21KB - Virtual size: 20KB

.lib Size: 512B - Virtual size: 76KB

.text
Size: 155KB - Virtual size: 154KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 21KB - Virtual size: 20KB

.lib
Size: 512B - Virtual size: 76KB