c6a34fd1062a73ca4b10df001c716a5e

Sharing

Copy URL Twitter E-mail

General

Target

c6a34fd1062a73ca4b10df001c716a5e
Size

417KB
MD5

c6a34fd1062a73ca4b10df001c716a5e
SHA1

6d70af8b4cf933ffb37cedc7744be89762b0fa79
SHA256

0b5e1bd88fce442da89b8a6651525d57b360d2c0219546cd4ed4146cf82c8acd
SHA512

e17c0b13062e94f0c91e4d1313004f869afeb984a573ce13f8d5434041ee82b71633c461055a3081bab0bf4bb4d003f17464d0c09b9beb4c2e65d2b2a580972c
SSDEEP

12288:tTh6qkvHiPyohEUkmO2KKcwIVmTfeMyYGYiSRe3:tl6qkvHiPyoNO2HyypDiSRe3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6a34fd1062a73ca4b10df001c716a5e

Files

c6a34fd1062a73ca4b10df001c716a5e
.exe windows:4 windows x86 arch:x86

de8edaaca32755a6d3543c3e2f175569

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryMultipleValuesW
CryptSignHashW
CryptGetUserKey
ReportEventA
CryptEnumProvidersW
RegSetValueW
CryptDestroyHash
DuplicateToken
CryptSetProviderW
CryptEnumProvidersA
RegCloseKey
CryptVerifySignatureA
InitiateSystemShutdownA
LookupAccountSidA
LookupAccountNameW
RegSetValueExW
RegLoadKeyA
CryptGetDefaultProviderA
CryptGetHashParam
CryptDuplicateHash
RegLoadKeyW
LookupPrivilegeValueW
RevertToSelf

kernel32

GetCurrentThread
InitializeCriticalSection
RtlUnwind
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
GetTimeFormatA
EnumSystemLocalesA
LoadModule
GetEnvironmentStrings
GetStdHandle
GetFileType
HeapDestroy
GetTickCount
GetDateFormatA
GetSystemTimeAsFileTime
LoadLibraryA
GetUserDefaultLCID
SetConsoleCtrlHandler
UnhandledExceptionFilter
GetVersionExA
VirtualFree
GetACP
LCMapStringW
InterlockedDecrement
CompareStringW
IsDebuggerPresent
QueryPerformanceCounter
SetLastError
GetStringTypeW
GetTimeZoneInformation
ExitProcess
GetCurrentThreadId
GetProcessHeap
HeapFree
TlsFree
GetStringTypeA
GetCommandLineA
GetLocaleInfoA
GetPrivateProfileSectionA
FreeEnvironmentStringsW
InterlockedIncrement
IsValidLocale
SetEnvironmentVariableA
HeapReAlloc
GetLastError
FreeEnvironmentStringsA
HeapSize
GetProcAddress
FreeLibrary
WideCharToMultiByte
HeapAlloc
CompareFileTime
GetLocaleInfoW
EnterCriticalSection
GetEnvironmentStringsW
VirtualQuery
TlsGetValue
InterlockedExchange
VirtualAlloc
SetUnhandledExceptionFilter
GetModuleFileNameA
SetHandleCount
MultiByteToWideChar
GetStartupInfoA
GetCPInfo
GetOEMCP
LCMapStringA
CompareStringA
TlsSetValue
TlsAlloc
GetModuleHandleA
HeapCreate
IsValidCodePage
LeaveCriticalSection
WriteFile
Sleep
GetCurrentProcessId

gdi32

GetROP2
GetKerningPairsW
AngleArc

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de8edaaca32755a6d3543c3e2f175569

Headers

File Characteristics

Imports

advapi32

kernel32

gdi32

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 8KB - Virtual size: 26KB

.data Size: 278KB - Virtual size: 277KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 8KB - Virtual size: 26KB

.data
Size: 278KB - Virtual size: 277KB

.rsrc
Size: 2KB - Virtual size: 1KB