c6bcd79e4d42dd3592974f5a16b972d6

Sharing

Copy URL

Twitter E-mail

General

Target

c6bcd79e4d42dd3592974f5a16b972d6
Size

32KB
MD5

c6bcd79e4d42dd3592974f5a16b972d6
SHA1

b08db0c1b2f46a15244269f426b0745d2524ea8f
SHA256

cff5d3ba96f71c415215c0e5e21cd9ba4c8afe8ff51954496169406e739eec4c
SHA512

20f57f385be11ac16022483f2f0c8c267806eec53426456d3cb897bf5886c7fecb3c8e8a15892a52367f6fa4f6e071bac15194eeb3112b1464ef99de6163ecea
SSDEEP

768:WaG/yLPArALxNzMHS/cuQV8FAaytyGZZPoVa9Im:Wd/yLPArAtNzMy/FQV8FA5/oiIm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6bcd79e4d42dd3592974f5a16b972d6

Files

c6bcd79e4d42dd3592974f5a16b972d6
.exe windows:4 windows x86 arch:x86

d6617dd9aff57767e8f0e8ebd2ce9ba5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
GetDriveTypeA
GetLogicalDriveStringsA
WriteFile
CopyFileA
UnmapViewOfFile
GetDiskFreeSpaceA
ExitProcess
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
SetCurrentDirectoryA
GetCurrentProcess
SetFileTime
GetFileTime
GetCurrentDirectoryA
lstrlenA
SetSystemTime
GetSystemTime
LoadLibraryA
CreateEventA
DeviceIoControl
FreeLibrary
GlobalFree
LoadLibraryExA
GlobalAlloc
GetProcAddress
GetSystemDirectoryW
SizeofResource
LoadResource
FindResourceA
FindNextFileA
GetLastError
FileTimeToLocalFileTime
FindFirstFileA
lstrcpynA
FindClose
CreateFileA
GetFileSize
SetFilePointer
GetWindowsDirectoryA
ReadFile
CloseHandle
lstrcatA
GetTempFileNameA
lstrcpyA
WaitForSingleObject
GetVersion
CreateProcessA
CreateThread
Sleep
DeleteFileA
GetStartupInfoA
GetEnvironmentStrings
WideCharToMultiByte
SetHandleCount
GetEnvironmentStringsW
VirtualAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetFileType
GetStdHandle
HeapCreate
VirtualFree
FreeEnvironmentStringsW
HeapFree
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapReAlloc
GetCommandLineA
HeapDestroy

user32

wsprintfA

advapi32

RegSetValueExA
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegCreateKeyExA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegRestoreKeyA
RegOpenKeyExA
RegSaveKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateServiceA

shell32

StrStrA
StrChrA
StrRChrA

ws2_32

WSACleanup
setsockopt
socket
htons
inet_addr
connect
WSAStartup
closesocket
gethostname
gethostbyname
inet_ntoa
send
recv
WSAGetLastError

shlwapi

StrCatW
PathFileExistsA
StrToIntA

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6617dd9aff57767e8f0e8ebd2ce9ba5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 3KB