c6ce5ed78862fb1db2c33a8bc1e00156

Sharing

Copy URL Twitter E-mail

General

Target

c6ce5ed78862fb1db2c33a8bc1e00156
Size

3.4MB
MD5

c6ce5ed78862fb1db2c33a8bc1e00156
SHA1

76811a6a4cc3d102198ea692a4eb5c875fb13398
SHA256

7bfefd279bac63174411e93b37d6be5dbc2d5f4c4a6f7e81db9495ebe2ce54b9
SHA512

36e7b099c3c570ba91e6dd59540f67c6bae299286e4a0e33b3b71196fa64bd5ab0c99ef63625d63c0486e8865d8cdf0fa32bc4553efbd50fd4b5becd5fdb5ad5
SSDEEP

98304:W6EbnVXebwogL/ioB6WmE+0ddxU/4kCX:9EbnVObwogL/Jxddx6h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6ce5ed78862fb1db2c33a8bc1e00156

Files

c6ce5ed78862fb1db2c33a8bc1e00156
.exe windows:4 windows x86 arch:x86

822998488656a52ad29aa1fd24cd6d25

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ntdll

NtAllocateVirtualMemory

advapi32

StartServiceW
EnumDependentServicesW
ControlService
OpenSCManagerW
ReportEventA
CloseServiceHandle
DeregisterEventSource
OpenServiceA
OpenServiceW
ChangeServiceConfigA
RegQueryValueExW
RegEnumKeyA
QueryServiceLockStatusW
RegQueryValueExA
RegSetValueExW
RegOpenKeyExA
StartServiceA
RegCreateKeyExW
ChangeServiceConfigW
RegCloseKey
RegDeleteValueW
RegisterEventSourceA
QueryServiceLockStatusA
RegOpenKeyA
RegOpenKeyExW
QueryServiceStatus
OpenSCManagerA
RegQueryValueA

kernel32

SetLastError
WideCharToMultiByte
OutputDebugStringA
GetEnvironmentVariableA
CreateEventA
lstrcpyW
CreateProcessW
SetFileAttributesA
lstrlenW
GetDriveTypeW
lstrcpynA
DeleteCriticalSection
CreateThread
lstrcmpiW
InterlockedCompareExchange
InitializeCriticalSection
EnterCriticalSection
GetLogicalDrives
lstrlenA
LocalAlloc
CopyFileA
GetModuleHandleA
DeleteFileA
GetDriveTypeA
WaitForSingleObject
SleepEx
GetSystemWindowsDirectoryA
ReleaseSemaphore
GetCommandLineA
GetExitCodeProcess
GetLocalTime
QueryPerformanceCounter
LeaveCriticalSection
lstrcpyA
GetComputerNameA
SetUnhandledExceptionFilter
DisableThreadLibraryCalls
lstrcatW
LoadLibraryA
MultiByteToWideChar
GetSystemTimeAsFileTime
SetEvent
GetVersionExA
GetComputerNameW
SetErrorMode
TerminateProcess
MoveFileA
OpenEventA
LocalFree
UnhandledExceptionFilter
lstrcmpA
GetTickCount
lstrcpynW
GetProcAddress
GetSystemDirectoryA
GetCurrentProcessId
CreateSemaphoreW
CreateProcessA
CloseHandle
GetCurrentThreadId
lstrcmpiA
GetTempFileNameA
lstrcmpW
CreateFileA
Sleep
FreeLibrary
GetLastError
MoveFileExA

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

samlib

SamAddMemberToAlias

msvcrt

_adjust_fdiv
malloc
wcscpy
printf
_stricmp
strrchr
strstr
_wcsicmp
wcslen
fwprintf
strncat
free
fopen
swprintf
_initterm
strtok
_snprintf
fprintf
sprintf
fclose
_vsnwprintf
_onexit
wcscmp
__dllonexit
fflush
strncpy

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

user32

LoadStringW
wsprintfA
wsprintfW
CharPrevA
CharNextA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3.2MB - Virtual size: 15.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

822998488656a52ad29aa1fd24cd6d25

Headers

File Characteristics

Imports

ntdll

advapi32

kernel32

rpcrt4

samlib

msvcrt

version

user32

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 3.2MB - Virtual size: 15.5MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 156KB - Virtual size: 155KB

.rdata Size: 35KB - Virtual size: 34KB

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 3.2MB - Virtual size: 15.5MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 156KB - Virtual size: 155KB

.rdata
Size: 35KB - Virtual size: 34KB