d6a35259a1ed09110767be5c9d20c315

Sharing

Copy URL Twitter E-mail

General

Target

d6a35259a1ed09110767be5c9d20c315
Size

392KB
MD5

d6a35259a1ed09110767be5c9d20c315
SHA1

a233bbffdfd213b1bdfbbdf10320d25779e25f98
SHA256

673863973e4610223c72716823c5650be683c374b7a5b8fbf010d477b0147f57
SHA512

e0a5851d7acf1afb8d01e7a541ca80ebf341487034bbc70ea6719e78cf952ce106d84805baaf08dc08a7451aedaf86ea46e033d8f7006f8d44b46cdc077a67ac
SSDEEP

6144:IcySkKsv4RLHZW0Oyt7y0ThirCpCAgszYyKa4TkxFlA/y7C1eV6o:IcyHKk4R15u0NiWxPVhlC5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6a35259a1ed09110767be5c9d20c315

Files

d6a35259a1ed09110767be5c9d20c315
.exe windows:4 windows x86 arch:x86

2ea1f105429088e21570076d32a2817a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\ylymveq.PDB

Imports

advapi32

RegOpenKeyExA
CryptAcquireContextW
RegCloseKey
AbortSystemShutdownW
InitiateSystemShutdownA
CryptSetHashParam
RegNotifyChangeKeyValue
LookupAccountNameA
RegQueryMultipleValuesA
CryptDuplicateHash
RegSaveKeyA
LogonUserW
CryptGetProvParam
StartServiceW
CryptSetProviderW
CryptImportKey
CryptContextAddRef

user32

RemoveMenu
GetMenuCheckMarkDimensions
WindowFromPoint
RegisterClassExA
RegisterClassA
CharLowerBuffW
SetWindowsHookW
DdeConnect
IsWindowUnicode
GetMenuStringW
BroadcastSystemMessageW
ShowOwnedPopups
SetWindowLongW
CreateDialogIndirectParamA
DestroyIcon
DrawCaption
FillRect
DrawTextW
TranslateAcceleratorW
AppendMenuW

comctl32

ImageList_AddMasked
ImageList_DragMove
CreateToolbarEx
ImageList_Replace
MakeDragList
ImageList_SetIconSize
CreateUpDownControl
InitCommonControlsEx
ImageList_GetFlags
DestroyPropertySheetPage
ImageList_AddIcon
CreateMappedBitmap
ImageList_DragEnter
ImageList_SetFlags
ImageList_Create

kernel32

GetConsoleMode
EnterCriticalSection
CompareStringW
CreateFileA
UnhandledExceptionFilter
SetStdHandle
CompareStringA
SetFilePointer
GetCurrentThreadId
CreateMutexA
SetHandleCount
GetCommandLineW
GetStdHandle
GetModuleFileNameA
GetStringTypeA
TlsGetValue
GetModuleHandleW
GetModuleFileNameW
GetEnvironmentStrings
FreeLibrary
TlsAlloc
InterlockedIncrement
GetCommandLineA
LoadLibraryA
GetSystemTimeAsFileTime
GetTimeFormatA
ExitProcess
WideCharToMultiByte
HeapFree
VirtualFree
GetLastError
GetOEMCP
GetConsoleOutputCP
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
HeapSize
LCMapStringA
GetEnvironmentStringsW
GetLocaleInfoA
FlushFileBuffers
GetFileType
IsBadReadPtr
HeapCreate
InterlockedExchange
GetProcAddress
VirtualQuery
GetTickCount
OpenMutexA
IsValidCodePage
GetStringTypeW
FreeEnvironmentStringsW
GetCurrentThread
GetConsoleCP
GetACP
HeapReAlloc
VirtualAlloc
GetUserDefaultLCID
WriteConsoleA
SetEnvironmentVariableA
GetLocaleInfoW
TlsSetValue
GetModuleHandleA
TerminateProcess
CloseHandle
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
DeleteCriticalSection
WriteFile
EnumSystemLocalesA
SetUnhandledExceptionFilter
GetTimeZoneInformation
WriteConsoleW
GetStartupInfoA
LCMapStringW
GetCurrentProcess
TlsFree
IsDebuggerPresent
Sleep
QueryPerformanceCounter
RtlUnwind
HeapAlloc
SetLastError
LeaveCriticalSection
GetDateFormatA
HeapDestroy
IsValidLocale
GetCPInfo
ReadFile
GetCurrentProcessId

Sections

.text
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ea1f105429088e21570076d32a2817a

Headers

File Characteristics

PDB Paths

Imports

advapi32

user32

comctl32

kernel32

Sections

.text Size: 168KB - Virtual size: 166KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 96KB - Virtual size: 105KB

.rsrc Size: 52KB - Virtual size: 50KB

.text
Size: 168KB - Virtual size: 166KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 96KB - Virtual size: 105KB

.rsrc
Size: 52KB - Virtual size: 50KB