Static task
static1
Behavioral task
behavioral1
Sample
0006f9d427a63eaed65f0b56fcd63db68aa5281fd1b5f3c6fc73d443c7d8a5e6.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0006f9d427a63eaed65f0b56fcd63db68aa5281fd1b5f3c6fc73d443c7d8a5e6.exe
Resource
win10v2004-20240412-en
General
-
Target
0006f9d427a63eaed65f0b56fcd63db68aa5281fd1b5f3c6fc73d443c7d8a5e6
-
Size
103KB
-
MD5
d66e22d72abf34f6d4549337f33b4592
-
SHA1
0b051dc85027dc05e39e3518d9e90b8fecefc996
-
SHA256
0006f9d427a63eaed65f0b56fcd63db68aa5281fd1b5f3c6fc73d443c7d8a5e6
-
SHA512
05484cc9f17675709017f5523b251b244bdfc11d844a4e34425f66e7a641bffdd44ee80d98217d1b480f2a12c6fd12d841e3f32eba557d9925d5b9872d952a22
-
SSDEEP
1536:+zBHO8e2BmP8X7PuzFb1KIAWPsMC0WN9eh0CvNWxO3SJOLFUU0qXcVJ9AP:+fn/muZWZX4900CEPJOLFUU0qshw
Malware Config
Signatures
-
Unsigned PE 1 IoCs
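Static check run by the sandbox: the PE file listed below carries no Authenticode signature. This describes the file itself, not an action the sample performs; many benign binaries are also unsigned, so treat it as a weak indicator on its own.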
resource 0006f9d427a63eaed65f0b56fcd63db68aa5281fd1b5f3c6fc73d443c7d8a5e6
Files
-
0006f9d427a63eaed65f0b56fcd63db68aa5281fd1b5f3c6fc73d443c7d8a5e6.exe windows:5 windows x86 arch:x86
20eb8d8fc425904e1a7c95e6b40bfa92
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
GetModuleHandleA
CreateFileW
LoadLibraryA
user32
IsCharAlphaNumericW
GetMenu
GetKeyboardType
LoadCursorFromFileW
CloseDesktop
CharLowerA
CharUpperW
LoadIconA
GetTopWindow
CharNextW
VkKeyScanA
GetKeyboardLayout
IsCharAlphaA
IsGUIThread
GetWindowTextLengthA
InSendMessage
GetMenuCheckMarkDimensions
GetActiveWindow
GetForegroundWindow
IsCharAlphaNumericA
SwitchToThisWindow
SetWindowsHookExA
SetWindowWord
SetRect
SetClipboardData
SetClassLongA
SendInput
MessageBoxExA
LoadMenuIndirectW
LoadKeyboardLayoutW
IsWindowUnicode
InsertMenuW
HiliteMenuItem
GetMessagePos
GetClassInfoW
ExcludeUpdateRgn
EnumDisplayMonitors
EnableWindow
DrawMenuBar
DestroyAcceleratorTable
DdeGetData
WindowFromDC
GetSystemMetrics
PaintDesktop
GetWindowTextLengthW
GetDC
DestroyWindow
DestroyCursor
CloseClipboard
GetCapture
IsWindow
GetFocus
DestroyMenu
IsCharLowerW
IsMenu
VkKeyScanW
GetKBCodePage
GetDlgCtrlID
IsCharUpperW
DestroyIcon
ReleaseCapture
CharLowerW
CharNextA
CharUpperA
OpenIcon
CloseWindow
UnregisterClassA
GetAsyncKeyState
gdi32
CloseFigure
BeginPath
CreateSolidBrush
GdiArtificialDecrementDriver
EndDoc
GetFontLanguageInfo
AddFontResourceW
GetTextColor
EndPath
CancelDC
GetStretchBltMode
AbortDoc
EndPage
GetEnhMetaFileW
DeleteObject
GetStockObject
StrokePath
GetBkColor
CreateMetaFileW
GetPixelFormat
SwapBuffers
AbortPath
CloseEnhMetaFile
SetMetaRgn
GetROP2
WidenPath
CreateICW
advapi32
RegOpenKeyW
RegQueryValueExW
shell32
FindExecutableW
ShellExecuteEx
SHPathPrepareForWriteA
SHGetSpecialFolderPathW
SHGetPathFromIDListA
SHGetIconOverlayIndexW
SHGetFileInfoW
DoEnvironmentSubstW
ExtractAssociatedIconExW
ExtractIconA
ExtractIconEx
ExtractIconW
ShellExecuteW
SHAppBarMessage
SHBindToParent
SHBrowseForFolder
SHFileOperationW
SHFormatDrive
shlwapi
StrCmpNW
StrRChrA
StrRChrW
StrStrIA
StrStrIW
StrChrA
StrStrW
msvcrt
_XcptFilter
__getmainargs
__initenv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_adjust_fdiv
_c_exit
_cexit
_controlfp
_except_handler3
_exit
_initterm
_wcsicmp
_wcsupr
exit
memmove
sprintf
wcslen
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 840B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ