c6ef3597ab26592b5230698221657ab6[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

c6ef3597ab26592b5230698221657ab6.bin
Size

203KB
MD5

c6ef3597ab26592b5230698221657ab6
SHA1

53225fec24507cb7703aff67f0d02a83e4e24a30
SHA256

73a0a9e8fc1a2f59f5022a3dfd433d56dae9b1acf4ed066488de771a44708044
SHA512

fd9f7ea5f99f786b3a3d2ed512208546710d330eee56270731d2c18482e38b42df4158445c231b4e5c62bb861f7215984dd204c5324fd9ef912b438705f8dbed
SSDEEP

3072:+0lk92ApId78LGqLldGLKtxHSEutEIT+pCp8U08Uqgo+x5PJMut/52m:+AsdI1KGelsKtxH/pICwpUIk5BL/8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6ef3597ab26592b5230698221657ab6.bin

Files

c6ef3597ab26592b5230698221657ab6.bin
.exe windows:4 windows x86 arch:x86

0129070e9ba303aa9a85607378b050ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDisposeImage
GdipAlloc
GdipGetImageThumbnail
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdiplusShutdown
GdipFree
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipCloneImage

kernel32

GetProcAddress
WriteFile
lstrlenA
DosPathToSessionPathW
LocalAlloc
InterlockedDecrement
GetTickCount
VirtualFree
ResetEvent
CreateThread
GetModuleFileNameW
lstrcmpiW
FreeLibrary
SetEvent
DeleteCriticalSection
LoadLibraryW
GetCurrentThreadId
RaiseException
GetCurrentProcessId
lstrcpynW
GetProcessId
InterlockedIncrement
CloseHandle
GlobalAlloc
GetThreadLocale
GetThreadPriority
GetSystemInfo
GlobalUnlock
lstrlenW
GetSystemTimeAsFileTime
GetLastError
ReleaseSemaphore
QueryPerformanceCounter
GetACP
GetCurrentProcess
SetThreadPriority
EnumResourceTypesA
MultiByteToWideChar
ProcessIdToSessionId
VirtualAlloc
CreateSemaphoreW
DuplicateHandle
OutputDebugStringW
WaitForSingleObject
GetVersionExA
ExitProcess
GetCurrentThread
GetLocaleInfoA
InitializeCriticalSection
CreateFileW
GlobalFree
GetVersionExW
DisableThreadLibraryCalls
WaitForMultipleObjects
EnterCriticalSection
GetModuleHandleW
lstrcpyW
GlobalLock
CreateEventW
LeaveCriticalSection
GlobalReAlloc
LocalFree
Sleep
lstrcmpW
InterlockedExchange
GetModuleFileNameA

user32

KillTimer
wvsprintfW
GetQueueStatus
PeekMessageW
UnregisterClassA
PostThreadMessageW
GetDC
IsWindowVisible
RegisterWindowMessageW
TranslateMessage
ReleaseDC
SetTimer
EnableWindow
GetWindowRect
wsprintfW
UnregisterClassW
DispatchMessageW
SetParent
MsgWaitForMultipleObjects

winmm

waveInGetDevCapsW
waveInGetNumDevs
mixerClose
mixerGetLineInfoW
mixerGetLineControlsW
mixerSetControlDetails
mixerOpen
mixerGetControlDetailsW
timeSetEvent
timeGetTime
mixerGetNumDevs
mixerGetDevCapsW

gdi32

GetDIBits
CreateCompatibleDC
GetStockObject
StretchDIBits
SetStretchBltMode
CreateDIBSection
RealizePalette
GetObjectW
SelectPalette
SelectObject
BitBlt

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0129070e9ba303aa9a85607378b050ab

Headers

File Characteristics

Imports

gdiplus

kernel32

user32

winmm

gdi32

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 77KB - Virtual size: 76KB

.tls Size: 1024B - Virtual size: 80KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 77KB - Virtual size: 76KB

.tls
Size: 1024B - Virtual size: 80KB