6c1e7e549489ad3e2b782f25b5e94e501525c0ddd0e92c079adedeea1a53a9c0

Sharing

Copy URL Twitter E-mail

General

Target

6c1e7e549489ad3e2b782f25b5e94e501525c0ddd0e92c079adedeea1a53a9c0
Size

36KB
MD5

59d580fcd88f7038e70d243868535780
SHA1

b71fdbe807eb512d7c4b2e0e9ba133462bbdefcc
SHA256

6c1e7e549489ad3e2b782f25b5e94e501525c0ddd0e92c079adedeea1a53a9c0
SHA512

f2e744975a4bfde04c51b4c32f73dfea0715dc5170d3e504f2901b5408d032e14b6f225a8c3ef3f54d9b849d1d0705b5623db9f764a0d441a97f0555c181f780
SSDEEP

768:wSfn/6vZQshffrscpKLRT8dggyifSWCVME8GdaWG:USqfDscsgsWCVjtaWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c1e7e549489ad3e2b782f25b5e94e501525c0ddd0e92c079adedeea1a53a9c0

Files

6c1e7e549489ad3e2b782f25b5e94e501525c0ddd0e92c079adedeea1a53a9c0
.dll windows:4 windows x86 arch:x86

1a5679ee3352be6e42488b3d0d957b29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
CloseEventLog
ReadEventLogA
GetOldestEventLogRecord
OpenEventLogA

user32

TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
PostQuitMessage
DefWindowProcA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
DispatchMessageA

gdi32

GetStockObject

msvcrt

??3@YAXPAX@Z
localtime
__CxxFrameHandler
fclose
fprintf
fopen
sprintf
_access
fwrite
rand
srand
time
fread
ftell
fseek
fgets
_iob
_purecall
_CxxThrowException
free
malloc
strncmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
atoi
_beginthreadex
??2@YAPAXI@Z
strstr
strncpy
wcstombs
_vsnprintf
strrchr
_strlwr

ws2_32

shutdown
closesocket
connect
gethostbyname
htons
inet_addr
socket
WSAGetLastError
send
recv
WSAStartup
select

iphlpapi

GetAdaptersInfo

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

kernel32

LeaveCriticalSection
GetLastError
SetFilePointer
EnterCriticalSection
GetProcAddress
GlobalAlloc
FreeConsole
Sleep
LoadLibraryA

Exports

Exports

ServiceMain
Start

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a5679ee3352be6e42488b3d0d957b29

Headers

File Characteristics

Imports

advapi32

user32

gdi32

msvcrt

ws2_32

iphlpapi

msvcp60

kernel32

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 2KB