c6c31bbe5c780ad01f91ad02e3f4801a

Sharing

Copy URL

Twitter E-mail

General

Target

c6c31bbe5c780ad01f91ad02e3f4801a
Size

359KB
MD5

c6c31bbe5c780ad01f91ad02e3f4801a
SHA1

f64b288804e51a96832e2c546793822cf4c2e5a6
SHA256

65db7beaf8a67b689a9250bc715685c0b86447132f17df5f2242a9d895bfa879
SHA512

80dab3f36498b63ebff6fc6beba10bdc508bd1f09a9fd852660355f6ebe5f6f19503fef5a0a00a54d9cd06ad2f3b1e229f10ec421e9cb51cfa1bcb0f4804bdd6
SSDEEP

6144:eyxKNePi9F0o6rQ9Tnn3wcigiCb2rKbl4uloJsjmqIoOj:eyxy9FG2Lk4AKJ4ulhBv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6c31bbe5c780ad01f91ad02e3f4801a

Files

c6c31bbe5c780ad01f91ad02e3f4801a
.exe windows:5 windows x86 arch:x86

1436b6bfe5ca3b68534330c258fc0f2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

imm32.pdb

Imports

msvcrt

wcscpy
wcscmp
swprintf
wcscat
_itoa
??1type_info@@UAE@XZ
_i64tow
_ui64tow
_ultow
_wtol
_ftol
_wcsicmp
wcstoul
time
_itow
wcstombs
strncmp
__CxxFrameHandler
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_snprintf
_vsnwprintf
_onexit
__dllonexit
?terminate@@YAXXZ
_adjust_fdiv
malloc
_initterm
free
vswprintf
_except_handler3
strtok
atoi
mbstowcs
memmove
wcsncpy
wcsncat
wcsstr
wcslen
isxdigit
wcschr
_snwprintf
wcsncmp
towupper
_wtoi
iswspace
fgetws
swscanf
fclose
_wfopen
fwprintf
wcscspn

ntdll

VerSetConditionMask
RtlGetNtProductType
RtlInitUnicodeString
NtSetEvent
NtOpenEvent
NtCreateEvent
RtlVerifyVersionInfo
NtDeviceIoControlFile
NtOpenFile
RtlNtStatusToDosError
NtClose
NtCreateFile

rtutils

TraceRegisterExA
TracePrintfA
TraceVprintfExA

advapi32

OpenThreadToken
RegEnumKeyExW
AdjustTokenPrivileges
StartServiceW
UnlockServiceDatabase
LockServiceDatabase
ControlService
EnumDependentServicesW
GetUserNameW
QueryServiceConfigW
ChangeServiceConfigW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
GetTokenInformation
OpenProcessToken

gdi32

GetTextExtentPoint32W
SelectObject
DeleteObject
CreateFontIndirectW
GetObjectW
GetDeviceCaps
GetStockObject

kernel32

SetComputerNameExW
GetSystemDefaultUILanguage
GetExitCodeThread
GetComputerNameExW
IsBadReadPtr
GetModuleHandleA
VirtualFree
VirtualAlloc
DeviceIoControl
LocalAlloc
InterlockedExchange
SetThreadPriority
FreeLibraryAndExitThread
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
QueueUserWorkItem
SetEvent
CancelIo
ResetEvent
WaitForMultipleObjects
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
GetNumberFormatW
GetOverlappedResult
FileTimeToLocalFileTime
GetPrivateProfileIntW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
DisableThreadLibraryCalls
MultiByteToWideChar
lstrlenA
CloseHandle
WriteFile
lstrlenW
CreateFileW
lstrcatW
GetTempPathW
Sleep
lstrcpyW
GetLastError
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
FlushInstructionCache
GetCurrentProcess
lstrcmpiW
WideCharToMultiByte
DebugBreak
GetCurrentThreadId
WaitForSingleObject
HeapDestroy
GetModuleFileNameW
lstrcpynW
GetCurrentThread
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetFileSize
GetModuleHandleW
CreateThread
LoadLibraryW
DelayLoadFailureHook
GetProcAddress
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
FormatMessageW
LockResource
CreateEventW
CreateMutexW
ExpandEnvironmentStringsW
DeleteFileW
GetSystemDirectoryW
VerifyVersionInfoW
SetLastError
LocalFree
lstrcmpA
GlobalFree
GetStringTypeExW
GetThreadLocale
lstrcmpW
OutputDebugStringW
GetUserDefaultLCID
GetUserDefaultUILanguage
ReleaseMutex
IsBadWritePtr
IsBadStringPtrW
GetSystemWindowsDirectoryW
GetFileAttributesW
GetVersionExW
GetWindowsDirectoryW
GetPrivateProfileStringW
GetPrivateProfileSectionW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoCreateGuid
CLSIDFromString
IIDFromString
CoInitialize
CoCreateInstance
StringFromCLSID
StringFromGUID2
CoSetProxyBlanket

rpcrt4

CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
SHChangeNotify
SHGetInstanceExplorer
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetMalloc
Shell_NotifyIconW
SHGetDesktopFolder
SHGetPathFromIDListW

user32

EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
DrawIconEx
EndPaint
BeginPaint
CreateMenu
RegisterClassW
SetDlgItemInt
DeleteMenu
TrackPopupMenu
InsertMenuItemW
AppendMenuW
EnableMenuItem
CharLowerBuffW
InsertMenuW
SetMenuDefaultItem
CreateDialogParamW
DialogBoxParamW
CharLowerW
ExitWindowsEx
GetCursorPos
SetMenuItemInfoW
GetMenuItemID
CheckMenuItem
FindWindowExW
GetMenuItemCount
GetMenuItemInfoW
LoadMenuW
GetWindowTextA
wvsprintfW
SetCapture
GetClassLongW
ReleaseCapture
CheckRadioButton
IsWindowVisible
SendMessageTimeoutW
IsWindowEnabled
MoveWindow
MessageBeep
GetDlgItemTextW
GetWindowThreadProcessId
GetShellWindow
InSendMessage
PostThreadMessageW
CopyIcon
DestroyMenu
RemoveMenu
GetSubMenu
LoadStringW
SetForegroundWindow
IsWindow
FindWindowW
CharNextW
GetWindowLongW
CallWindowProcW
PeekMessageW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetDlgItem
SendMessageW
SetWindowPos
MapWindowPoints
GetClientRect
GetWindowRect
GetParent
SetWindowLongW
GetWindowTextW
GetWindowTextLengthW
wsprintfW
LoadCursorW
DefWindowProcW
EndDialog
CharUpperW
SetWindowTextW
SendDlgItemMessageW
SetDlgItemTextW
GetSystemMetrics
DestroyWindow
PostMessageW
EnableWindow
CheckDlgButton
IsDlgButtonChecked
MessageBoxW
SetCursor
WinHelpW
DestroyIcon
GetDesktopWindow
GetMessagePos
GetAsyncKeyState
SetFocus
GetFocus
SetClassLongW
ShowWindow
UpdateWindow
PostQuitMessage
GetKeyState
LoadImageW
GetDlgCtrlID
ReleaseDC
GetDC
CreateWindowExW
SetTimer
KillTimer
GetMessageW
LoadIconW
SetWindowTextA

ws2_32

WSCDeinstallProvider
WSCEnumProtocols

iphlpapi

FlushIpNetTable
NotifyAddrChange
GetAdaptersInfo

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 219KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1436b6bfe5ca3b68534330c258fc0f2c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

rtutils

advapi32

gdi32

kernel32

ole32

rpcrt4

shell32

user32

ws2_32

iphlpapi

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 219KB - Virtual size: 224KB

.bss Size: - Virtual size: 33KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 219KB - Virtual size: 224KB

.bss
Size: - Virtual size: 33KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB