d6ee66e466a741837e44b07312511832

General

Target

d6ee66e466a741837e44b07312511832
Size

1.1MB
MD5

d6ee66e466a741837e44b07312511832
SHA1

c107c492bab62be5624871ec1ce6cd447229402a
SHA256

c61920942f28f940bcc59a1021db1954db2078549416c09448140b8c2127988a
SHA512

65d9295348f7343d558c0abada61875f23fb462b4701ac3667f6bed25bc105bca15eabcaa387a7f85d18131cc2f13c08b1b1ecb22128fa92cdb8ec7b437fb43d
SSDEEP

24576:ss62T2RUVZipDIdgXyg+QFqZk+NhVwY1:WpDDX4nNhV9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6ee66e466a741837e44b07312511832

Files

d6ee66e466a741837e44b07312511832
.exe windows:8 windows x86 arch:x86

9bb5e914668c139429cd6ee31d372382

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

HeapFree
ConnectNamedPipe
GetStringTypeA
SetFilePointer
GetProcessHeap
WaitForMultipleObjects
HeapSize
GetEnvironmentVariableA
CloseHandle
VirtualFree
HeapCreate
HeapDestroy
InterlockedFlushSList
WriteFileEx
HeapAlloc
HeapUnlock
ExitProcess
ReadFile
InterlockedIncrement
CreateNamedPipeA
VirtualAlloc
InterlockedExchangeAdd
InterlockedDecrement
CreateFileA
VerSetConditionMask
GetSystemTimes
GetFileTime
TransactNamedPipe
HeapLock
FreeEnvironmentStringsA
GetEnvironmentStringsA
FileTimeToSystemTime
GetCurrentProcessId

odbc32

SQLSetScrollOptions
SQLPrepareA
PostComponentError
SQLAllocConnect
SQLProcedureColumnsA
SQLSetConnectOptionA
SQLGetDiagRec
SQLAllocHandle
SQLBindCol
SQLGetDiagRecA
SQLFreeEnv
SQLProcedureColumns
SQLPrepare
SQLForeignKeysA
SQLSetConnectOption
SQLBrowseConnect
SQLSetCursorName
SQLProcedures
SQLGetEnvAttr
SQLNumResultCols
CursorLibLockDesc
SQLSetDescFieldA
SQLBindParam
SQLGetStmtAttr
SQLDriverConnectA
SQLSpecialColumnsA

advpack

NeedRebootInit
DelNodeRunDLL32
FileSaveMarkNotExist
NeedReboot
FileSaveRestore
UserUnInstStubWrapper

user32

DefWindowProcA
DispatchMessageA
UpdateWindow
BeginPaint
RegisterClassA
GetMessageA
CreateWindowExA
DestroyWindow
SendMessageA
EndPaint
ShowWindow
TranslateMessage

Sections

.text
Size: 809KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 302KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bb5e914668c139429cd6ee31d372382

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

odbc32

advpack

user32

Sections

.text Size: 809KB - Virtual size: 809KB

.data Size: 17KB - Virtual size: 16KB

.rsrc Size: 302KB - Virtual size: 3.4MB

.text
Size: 809KB - Virtual size: 809KB

.data
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 302KB - Virtual size: 3.4MB